Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks
CVSS Metrics
