Security Advisories (6)
CVE-2012-5526 (2012-11-21)

CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.

CVE-2011-2766 (2011-11-08)

Usage of deprecated FCGI.pm API.

CPANSA-CGI-2010-02 (2010-11-08)

Non-random MIME boundary.

CPANSA-CGI-2010-01 (2010-02-05)

Newlines in headers.

CVE-2010-4411 (2010-12-06)

Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

CVE-2010-2761 (2010-12-06)

The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172.
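The CVE-2012-5526 and CPANSA-CGI-2010-01 entries above both concern newlines reaching response headers. The following Perl sketch is an added example, not code from CGI.pm or from this page. It reports whether the installed CGI.pm predates 3.63 and refuses header values that contain control characters before they are emitted. The function names cgi_pm_status and header_line are hypothetical, and the sample values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use version;

# Release named in the CVE-2012-5526 entry: versions before it do not
# properly escape newlines in Set-Cookie or P3P headers.
my $FIXED_IN = version->parse('3.63');

# Report whether the installed CGI.pm predates the fix. CGI.pm is not a
# core module on current perls, so a missing module is reported as well.
sub cgi_pm_status {
    return 'CGI.pm is not installed' unless eval { require CGI; 1 };
    my $have = version->parse(CGI->VERSION);
    return $have < $FIXED_IN
        ? "CGI.pm $have predates $FIXED_IN: upgrade"
        : "CGI.pm $have is at or above $FIXED_IN";
}

# Application-side guard (hypothetical helper): reject a header value
# containing CR, LF or another control byte rather than trying to repair
# it. Returns (line, undef) on success or (undef, reason) on rejection.
# The caller appends the CRLF terminator itself.
sub header_line {
    my ($name, $value) = @_;
    # \A and \z are used because "$" would also match before a trailing
    # newline, which is exactly the input this check has to catch.
    return (undef, 'invalid header name')
        unless defined $name && $name =~ /\A[A-Za-z0-9-]+\z/;
    return (undef, "undefined value for $name") unless defined $value;
    if ($value =~ /([\x00-\x08\x0A-\x1F\x7F])/) {    # horizontal tab is allowed
        return (undef,
            sprintf('%s value contains control byte 0x%02X', $name, ord $1));
    }
    return ("$name: $value", undef);
}

# Constructed sample values, as if assembled from request parameters.
my @samples = (
    [ 'Set-Cookie', 'theme=dark; Path=/' ],
    [ 'Set-Cookie', "theme=dark\r\nX-Injected: 1" ],
    [ 'P3P',        qq{CP="NOI DSP"\n} ],
);

print cgi_pm_status(), "\n";
for my $sample (@samples) {
    my ($line, $why) = header_line(@$sample);
    print defined $line ? "emit:   $line\n" : "reject: $why\n";
}
```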

NAME

CGI::Session::Serialize::Default - default serializer for CGI::Session

DESCRIPTION

This library is used by the CGI::Session driver to serialize session data before storing it on disk.

METHODS

freeze()

Receives two arguments. The first is the CGI::Session driver object; the second is the data to be stored, passed as a reference to a hash. Should return true to indicate success and undef otherwise, passing an error message with as much detail as possible to $self->error().

thaw()

Receives two arguments. The first is the CGI::Session driver object; the second is the string to be deserialized. Should return the deserialized data structure to indicate success and undef otherwise, passing an error message with as much detail as possible to $self->error().

WARNING

If you want to be able to store objects, consider using CGI::Session::Serialize::Storable or CGI::Session::Serialize::FreezeThaw instead.

COPYRIGHT

Copyright (C) 2002 Sherzod Ruzmetov. All rights reserved.

This library is free software. It can be distributed under the same terms as Perl itself.

AUTHOR

Sherzod Ruzmetov <sherzodr@cpan.org>

All bug reports should be directed to Sherzod Ruzmetov <sherzodr@cpan.org>.

SEE ALSO

CGI::Session, CGI::Session::Serialize::Storable, CGI::Session::Serialize::FreezeThaw