CVE-2013-10031: Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timing attacks
Timothy Legge
09 Dec 2025 00:16 UTC

========================================================================
CVE-2013-10031                                       CPAN Security Group
========================================================================

         CVE ID:  CVE-2013-10031
   Distribution:  Plack-Middleware-Session
       Versions:  from 0.01 before 0.17

       MetaCPAN:  https://metacpan.org/dist/Plack-Middleware-Session
       VCS Repo:  https://github.com/plack/Plack-Middleware-Session.git

Plack::Middleware::Session versions before 0.17 for Perl may be
vulnerable to HMAC comparison timing attacks

Description
-----------
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC
comparison timing attacks.

Problem types
-------------
- CWE-1254 Incorrect Comparison Logic Granularity
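
The weakness class named above, shown as an added example (not code from
Plack-Middleware-Session or from its fix commit): a verifier that compares
the received MAC with "eq", beside one whose comparison does not stop at the
first mismatching byte. The cookie format, secret and function names are
assumptions made for this illustration.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed secret, for illustration only.
my $secret = 'constructed-demo-secret';

# Sign a payload as "payload.hexmac" (format assumed for this example).
sub sign {
    my ($payload) = @_;
    return $payload . '.' . hmac_sha256_hex($payload, $secret);
}

# Split "payload.hexmac"; returns an empty list when malformed.
sub split_cookie {
    my ($cookie) = @_;
    return $cookie =~ /\A(.*)\.([0-9a-f]{64})\z/s;
}

# Weak: string "eq" may return at the first differing byte, so the time
# taken can depend on how many leading characters of the MAC are correct.
sub verify_weak {
    my ($payload, $mac) = split_cookie($_[0]) or return;
    return $mac eq hmac_sha256_hex($payload, $secret) ? $payload : undef;
}

# Comparison that always walks the full string and only accumulates
# differences. The length check leaks nothing: the MAC length is public.
sub ct_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# Hardened: same logic as verify_weak, but the MAC check uses ct_eq.
sub verify_strong {
    my ($payload, $mac) = split_cookie($_[0]) or return;
    return ct_eq($mac, hmac_sha256_hex($payload, $secret)) ? $payload : undef;
}

my $good = sign('id=1234');
my $bad  = 'id=9999' . substr($good, 7);   # payload changed, MAC left as-is
for my $cookie ($good, $bad) {
    printf "weak=%s strong=%s\n",
        defined(verify_weak($cookie))   ? 'accept' : 'reject',
        defined(verify_strong($cookie)) ? 'accept' : 'reject';
}
```

Both verifiers return the same accept/reject decisions; they differ only in
how the comparison's running time relates to the supplied MAC.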

Solutions
---------
Upgrade to version 0.17 or higher.

References
----------
https://github.com/plack/Plack-Middleware-Session/commit/b7f0252269ba1bb812b5dc02303754fe94c808e4