Vulnerabilities related to mojolicious - mojolicious
Vulnerability from fkie_nvd
Published
2025-05-03 16:15
Modified
2025-06-17 14:15
CVE ID
CVE-2024-58134
Severity
8.1 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)
Summary
Mojolicious versions from 0.999922 through 9.40 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default.
These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
References
https://github.com/hashcat/hashcat/pull/4090 (Issue Tracking, Patch)
https://github.com/mojolicious/mojo/pull/1791 (Issue Tracking, Patch)
https://github.com/mojolicious/mojo/pull/2200 (Issue Tracking, Patch)
https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802 (Third Party Advisory)
https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51 (Product)
https://www.synacktiv.com/publications/baking-mojolicious-cookies (Exploit)
Impacted products
Vendor | Product | Version |
---|---|---|
mojolicious | mojolicious | 0.999922 through 9.40 |
Weaknesses
CWE-321, CWE-331
Vulnerability from fkie_nvd
Published
2011-05-03 00:55
Modified
2025-04-11 00:51
CVE ID
CVE-2009-5074
Severity
10.0 HIGH (CVSS 2.0: AV:N/AC:L/Au:N/C:C/I:C/A:C)
Summary
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.
References
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes
Impacted products
Vendor | Product | Version |
---|---|---|
mojolicious | mojolicious | Up to and including 0.991246 |
Weaknesses
NVD-CWE-noinfo
Vulnerability from fkie_nvd
Published
2024-04-08 00:15
Modified
2025-05-05 17:50
CVE ID
CVE-2021-47208
Severity
4.3 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L)
Summary
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
References
https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c (Patch)
https://github.com/mojolicious/mojo/issues/1736 (Exploit, Issue Tracking)
Impacted products
Vendor | Product | Version |
---|---|---|
mojolicious | mojolicious | Before 9.11 |
Weaknesses
CWE-400
Vulnerability from fkie_nvd
Published
2011-04-29 22:55
Modified
2025-04-11 00:51
CVE ID
CVE-2011-1589
Severity
5.0 MEDIUM (CVSS 2.0: AV:N/AC:L/Au:N/C:P/I:N/A:N)
Summary
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 (Exploit)
http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html
http://openwall.com/lists/oss-security/2011/04/17/1 (Exploit, Patch)
http://openwall.com/lists/oss-security/2011/04/18/3 (Exploit, Patch)
http://openwall.com/lists/oss-security/2011/04/18/7 (Exploit)
http://perlninja.posterous.com/sharks-in-the-water
http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz (Patch)
http://secunia.com/advisories/44051 (Vendor Advisory)
http://secunia.com/advisories/44359
http://www.debian.org/security/2011/dsa-2221
http://www.osvdb.org/71850 (Exploit)
http://www.securityfocus.com/bid/47402
http://www.vupen.com/english/advisories/2011/1072
http://www.vupen.com/english/advisories/2011/1093
https://bugzilla.redhat.com/show_bug.cgi?id=697229 (Exploit, Patch)
https://exchange.xforce.ibmcloud.com/vulnerabilities/66830
https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818 (Patch)
https://github.com/kraih/mojo/issues/114 (Exploit)
Impacted products
Vendor | Product | Version |
---|---|---|
mojolicious | mojolicious | Enumerated releases from 0.2 through 1.15 |
Weaknesses
CWE-22
Vulnerability from fkie_nvd
Published
2025-05-03 11:15
Modified
2025-06-17 14:16
Summary
Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets.
When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
Impacted products
Vendor | Product | Version
---|---|---
mojolicious | mojolicious | *
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:perl:*:*", "matchCriteriaId": "18CB7F71-95D5-44DC-BD63-01394CC408B4", "versionEndIncluding": "9.40", "versionStartIncluding": "7.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets.\n\nWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application\u0027s configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application\u0027s sessions. This may allow an attacker to brute force the application\u0027s session keys." }, { "lang": "es", "value": "Las versiones de Mojolicious de la 7.28 a la 9.39 para Perl pueden generar secretos de sesi\u00f3n HMAC d\u00e9biles. Al crear una aplicaci\u00f3n predeterminada con la herramienta \"mojo generate app\", se escribe un secreto d\u00e9bil en el archivo de configuraci\u00f3n de la aplicaci\u00f3n mediante la funci\u00f3n insegura rand(), que se utiliza para autenticar y proteger la integridad de las sesiones de la aplicaci\u00f3n. Esto podr\u00eda permitir a un atacante acceder por fuerza bruta a las claves de sesi\u00f3n de la aplicaci\u00f3n." 
} ], "id": "CVE-2024-58135", "lastModified": "2025-06-17T14:16:05.757", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-05-03T11:15:48.037", "references": [ { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/hashcat/hashcat/pull/4090" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Exploit", "Issue Tracking", "Patch" ], "url": "https://github.com/mojolicious/mojo/pull/2200" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Product" ], "url": "https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Product" ], "url": "https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Product" ], "url": "https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Product" ], "url": "https://perldoc.perl.org/functions/rand" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Technical Description" ], "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html" } ], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": 
"9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-338" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 00:55
Modified
2025-04-11 00:51
Summary
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:*", "matchCriteriaId": "25683375-5B17-469D-AB89-A1A7E165948C", "versionEndIncluding": "0.999926", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "083A2DA9-38BB-4AF8-9FF0-41101E830A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2C11EC7-D91E-4F65-9C8A-801C724EDBBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC33620B-2B78-4221-8067-15E8BC56865A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "69AC00B5-717B-4F7F-AD25-9754BEFD7221", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2E2469A-BE25-4D18-8E7D-F709DCB86FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "02BB8742-9D5C-4831-BD2F-A24505B8E4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "82CA1476-123D-44D5-A1E8-D9C58F6D9949", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "479781F2-9614-4552-AE39-12AC41ABB3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78D1279D-333D-4338-B4ED-07BB1900FB0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D21184D-8823-4162-961D-8A7856557786", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "538FC292-B6BF-4551-AE44-259E0B61B680", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"574F7A7C-3986-401D-A58F-6C8F7D922002", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BDACD094-8117-460E-B7D1-E63EC00B97A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*", "matchCriteriaId": "6965DAA1-FDD8-484B-873A-F6D13227FAD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*", "matchCriteriaId": "9865E142-BB29-4718-BD85-F40E185BF31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*", "matchCriteriaId": "9F667C15-3C89-49CD-800D-303A2677FC36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*", "matchCriteriaId": "8B301544-A38F-417C-BB94-E7711F8ED7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*", "matchCriteriaId": "ADEBDEB2-3070-4633-A934-DDF49CBD10C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*", "matchCriteriaId": "5875A25D-CC0E-43CF-B617-CEA99C65A52A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*", "matchCriteriaId": "D8C04B9B-DEA3-4161-8E6C-BBBBE9AF5444", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*", "matchCriteriaId": "EE5F9699-7B1B-4356-B0EB-C942888AFEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*", "matchCriteriaId": "A041B8EB-AD9E-452B-9A2E-22DBCD5CB091", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*", "matchCriteriaId": "4BE7A136-3975-400A-AB77-4BCD4669553A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*", "matchCriteriaId": "FE628F19-D7C9-4E6D-BDC4-5C82CDE540E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*", "matchCriteriaId": 
"26803A52-EAEC-4CD6-BB89-F1EF40B3021F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*", "matchCriteriaId": "B7BC4454-3168-420B-9136-21FD18571526", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*", "matchCriteriaId": "A346280F-BA80-4FBA-BD15-6CA7A1ED8D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*", "matchCriteriaId": "B0376F10-8493-498D-9B5D-76AFE0F4417A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*", "matchCriteriaId": "69293BBF-7788-4462-AA6F-9D3A084D1B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*", "matchCriteriaId": "31F30FA3-69EC-45B3-8AF5-852DB73756A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*", "matchCriteriaId": "B88557E4-C793-4F6A-A3AE-07799B212ECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*", "matchCriteriaId": "8F88C231-60FE-42F3-87E9-23E88ADC7650", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*", "matchCriteriaId": "BD65F43C-98A9-46A1-BCC4-79ACB5F5C6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*", "matchCriteriaId": "B0A9F1C7-1C0A-42B1-91D3-676E03E64BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*", "matchCriteriaId": "A886B4DC-30E9-4C41-A79A-96F309F343F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*", "matchCriteriaId": "C28AEC3C-20F0-4BFB-B7B6-30336C631400", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*", "matchCriteriaId": "7D0521BF-A66D-4663-83C6-49E650454ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C95BB3D-774C-4C71-9A3A-15938BA5CF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*", "matchCriteriaId": "B583B413-4B8E-4FA3-9CD1-A650CEAB9449", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*", "matchCriteriaId": "CDC7A6F1-BD38-4119-B5A7-56A50EC6C9C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*", "matchCriteriaId": "2DEFF843-57F4-4553-ABD3-7269A32A6DE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7C4E6-5E3E-43CB-8F54-4AA5563EA98C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*", "matchCriteriaId": "C6CB9879-D8B4-45CA-BF63-D4681C403818", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*", "matchCriteriaId": "66EE203A-CFB1-4317-879D-E6A44F063F66", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*", "matchCriteriaId": "F7978FDA-7622-4041-BE9E-28F99A1FB16E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*", "matchCriteriaId": "B0975B5B-5409-42F5-A50F-644A80F3E5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*", "matchCriteriaId": "69AB9069-49F9-43B5-9F0F-04BBB145FD7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*", "matchCriteriaId": "77CA7A3A-254D-4154-8AFB-FA7BC4EB286A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*", "matchCriteriaId": "0FA8D9CE-BD9E-4BD2-B38C-909CCE0D3842", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*", "matchCriteriaId": "6DABFC81-F44C-46AB-B9CD-D35624F5071A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*", "matchCriteriaId": "DE8BDB83-641B-4858-B00A-EEFC9F583050", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*", "matchCriteriaId": "D010713B-DE3E-4E76-8299-FF50D19ADA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*", "matchCriteriaId": "92B83ECE-5D7C-417D-9957-976ECE8E2308", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*", "matchCriteriaId": "59E2E6AF-11DD-4C51-A84F-129D160ACAFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*", "matchCriteriaId": "E9590109-8DFC-4E78-B678-8456A0621C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*", "matchCriteriaId": "03FD1031-0C3D-45F1-BFD9-823C6D4B69F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*", "matchCriteriaId": "44059C1E-CDC6-4B75-92CC-CD45C5063F9D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors." 
}, { "lang": "es", "value": "Mojolicious antes de v0.999927 no aplica adecuadamente las sumas de comprobaci\u00f3n HMAC - MD5, lo cual tiene un impacto sin especificar y vectores de ataque remotos" } ], "id": "CVE-2010-4803", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-03T00:55:00.997", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "source": "cve@mitre.org", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2239" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 00:55
Modified
2025-04-11 00:51
Summary
Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:*", "matchCriteriaId": "2175D9E0-1851-4C06-85F5-A316C80F6C1A", "versionEndIncluding": "1.11", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "083A2DA9-38BB-4AF8-9FF0-41101E830A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2C11EC7-D91E-4F65-9C8A-801C724EDBBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC33620B-2B78-4221-8067-15E8BC56865A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "69AC00B5-717B-4F7F-AD25-9754BEFD7221", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2E2469A-BE25-4D18-8E7D-F709DCB86FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "02BB8742-9D5C-4831-BD2F-A24505B8E4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "82CA1476-123D-44D5-A1E8-D9C58F6D9949", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "479781F2-9614-4552-AE39-12AC41ABB3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78D1279D-333D-4338-B4ED-07BB1900FB0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D21184D-8823-4162-961D-8A7856557786", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "538FC292-B6BF-4551-AE44-259E0B61B680", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"574F7A7C-3986-401D-A58F-6C8F7D922002", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BDACD094-8117-460E-B7D1-E63EC00B97A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*", "matchCriteriaId": "6965DAA1-FDD8-484B-873A-F6D13227FAD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*", "matchCriteriaId": "9865E142-BB29-4718-BD85-F40E185BF31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*", "matchCriteriaId": "9F667C15-3C89-49CD-800D-303A2677FC36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*", "matchCriteriaId": "8B301544-A38F-417C-BB94-E7711F8ED7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*", "matchCriteriaId": "ADEBDEB2-3070-4633-A934-DDF49CBD10C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*", "matchCriteriaId": "5875A25D-CC0E-43CF-B617-CEA99C65A52A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*", "matchCriteriaId": "D8C04B9B-DEA3-4161-8E6C-BBBBE9AF5444", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*", "matchCriteriaId": "EE5F9699-7B1B-4356-B0EB-C942888AFEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*", "matchCriteriaId": "A041B8EB-AD9E-452B-9A2E-22DBCD5CB091", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*", "matchCriteriaId": "4BE7A136-3975-400A-AB77-4BCD4669553A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*", "matchCriteriaId": "FE628F19-D7C9-4E6D-BDC4-5C82CDE540E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*", "matchCriteriaId": 
"26803A52-EAEC-4CD6-BB89-F1EF40B3021F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*", "matchCriteriaId": "B7BC4454-3168-420B-9136-21FD18571526", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*", "matchCriteriaId": "A346280F-BA80-4FBA-BD15-6CA7A1ED8D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*", "matchCriteriaId": "B0376F10-8493-498D-9B5D-76AFE0F4417A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*", "matchCriteriaId": "69293BBF-7788-4462-AA6F-9D3A084D1B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*", "matchCriteriaId": "31F30FA3-69EC-45B3-8AF5-852DB73756A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*", "matchCriteriaId": "B88557E4-C793-4F6A-A3AE-07799B212ECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*", "matchCriteriaId": "8F88C231-60FE-42F3-87E9-23E88ADC7650", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*", "matchCriteriaId": "BD65F43C-98A9-46A1-BCC4-79ACB5F5C6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*", "matchCriteriaId": "B0A9F1C7-1C0A-42B1-91D3-676E03E64BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*", "matchCriteriaId": "A886B4DC-30E9-4C41-A79A-96F309F343F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*", "matchCriteriaId": "C28AEC3C-20F0-4BFB-B7B6-30336C631400", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*", "matchCriteriaId": "7D0521BF-A66D-4663-83C6-49E650454ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C95BB3D-774C-4C71-9A3A-15938BA5CF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*", "matchCriteriaId": "B583B413-4B8E-4FA3-9CD1-A650CEAB9449", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*", "matchCriteriaId": "CDC7A6F1-BD38-4119-B5A7-56A50EC6C9C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*", "matchCriteriaId": "2DEFF843-57F4-4553-ABD3-7269A32A6DE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7C4E6-5E3E-43CB-8F54-4AA5563EA98C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*", "matchCriteriaId": "C6CB9879-D8B4-45CA-BF63-D4681C403818", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*", "matchCriteriaId": "66EE203A-CFB1-4317-879D-E6A44F063F66", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*", "matchCriteriaId": "F7978FDA-7622-4041-BE9E-28F99A1FB16E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*", "matchCriteriaId": "B0975B5B-5409-42F5-A50F-644A80F3E5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*", "matchCriteriaId": "69AB9069-49F9-43B5-9F0F-04BBB145FD7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*", "matchCriteriaId": "77CA7A3A-254D-4154-8AFB-FA7BC4EB286A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*", "matchCriteriaId": "0FA8D9CE-BD9E-4BD2-B38C-909CCE0D3842", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*", "matchCriteriaId": "6DABFC81-F44C-46AB-B9CD-D35624F5071A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*", "matchCriteriaId": "DE8BDB83-641B-4858-B00A-EEFC9F583050", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*", "matchCriteriaId": "D010713B-DE3E-4E76-8299-FF50D19ADA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*", "matchCriteriaId": "92B83ECE-5D7C-417D-9957-976ECE8E2308", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*", "matchCriteriaId": "59E2E6AF-11DD-4C51-A84F-129D160ACAFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*", "matchCriteriaId": "E9590109-8DFC-4E78-B678-8456A0621C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*", "matchCriteriaId": "03FD1031-0C3D-45F1-BFD9-823C6D4B69F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*", "matchCriteriaId": "44059C1E-CDC6-4B75-92CC-CD45C5063F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999926:*:*:*:*:*:*:*", "matchCriteriaId": "6278FC7E-6852-46B1-9F38-58847391B2F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999927:*:*:*:*:*:*:*", "matchCriteriaId": "88FDE0AA-B353-4CD8-BC9D-DFC709031FF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999928:*:*:*:*:*:*:*", "matchCriteriaId": "CABDE1E8-17E9-4EF5-91C7-9688B0F49AE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999929:*:*:*:*:*:*:*", "matchCriteriaId": "66454D2F-C566-4F3D-AF78-C3FE75A6C62D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999930:*:*:*:*:*:*:*", "matchCriteriaId": "83E28BE4-60FE-46E9-8AA4-45B14A34E2CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999931:*:*:*:*:*:*:*", "matchCriteriaId": "914475F6-3C2F-4D15-8017-588763BF37E7", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999932:*:*:*:*:*:*:*", "matchCriteriaId": "12806A34-36FA-4B19-B84E-7385A8EDB302", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999933:*:*:*:*:*:*:*", "matchCriteriaId": "DAB41DB0-C61F-441F-A8C7-624845EE39ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999934:*:*:*:*:*:*:*", "matchCriteriaId": "3762061D-FCC3-43EE-BC73-1BEF6BBC8980", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999935:*:*:*:*:*:*:*", "matchCriteriaId": "8FE3BAE8-B78E-490E-90A7-8DF957D9CA7C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999936:*:*:*:*:*:*:*", "matchCriteriaId": "C347C9AE-D2AA-4440-B506-1B692C7C52CD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999937:*:*:*:*:*:*:*", "matchCriteriaId": "62704DAC-BFE8-4D27-9F2E-FB8D70E43063", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999938:*:*:*:*:*:*:*", "matchCriteriaId": "3C3E1157-11FB-45FA-8E4A-53A3614B335D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999939:*:*:*:*:*:*:*", "matchCriteriaId": "A9674613-3BDB-471E-A109-83FF1463FCAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999940:*:*:*:*:*:*:*", "matchCriteriaId": "DB59D0D0-E453-4700-9A96-9A452E5C90E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999941:*:*:*:*:*:*:*", "matchCriteriaId": "D5A3B80D-8BD9-4F01-AAA8-B50CB3084E41", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999950:*:*:*:*:*:*:*", "matchCriteriaId": "EBCB14A8-635D-4652-9F76-E718F60D0FC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9FD46D41-AE54-4223-A659-7E21EC0EC6A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "393D68B4-0E53-4973-80FF-F57CC470E16B", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "151552D1-9D07-4424-863B-FC1948619799", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." }, { "lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la ayuda de link_to en Mojolicious en versiones anteriores a v1.12 , permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de par\u00e1metros sin especificar\r\n" } ], "id": "CVE-2011-1841", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2011-05-03T00:55:01.030", "references": [ { "source": "cve@mitre.org", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2239" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/47713" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/47713" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-79" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-03 00:55
Modified
2025-04-11 00:51
Summary
Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:*", "matchCriteriaId": "F470698D-3499-4C75-B4CE-FAA0E7BCE5D7", "versionEndIncluding": "0.999927", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "083A2DA9-38BB-4AF8-9FF0-41101E830A0D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2C11EC7-D91E-4F65-9C8A-801C724EDBBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "BC33620B-2B78-4221-8067-15E8BC56865A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "69AC00B5-717B-4F7F-AD25-9754BEFD7221", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*", "matchCriteriaId": "F2E2469A-BE25-4D18-8E7D-F709DCB86FCF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "02BB8742-9D5C-4831-BD2F-A24505B8E4C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*", "matchCriteriaId": "82CA1476-123D-44D5-A1E8-D9C58F6D9949", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "479781F2-9614-4552-AE39-12AC41ABB3AD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78D1279D-333D-4338-B4ED-07BB1900FB0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "0D21184D-8823-4162-961D-8A7856557786", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "538FC292-B6BF-4551-AE44-259E0B61B680", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"574F7A7C-3986-401D-A58F-6C8F7D922002", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*", "matchCriteriaId": "BDACD094-8117-460E-B7D1-E63EC00B97A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*", "matchCriteriaId": "6965DAA1-FDD8-484B-873A-F6D13227FAD0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*", "matchCriteriaId": "9865E142-BB29-4718-BD85-F40E185BF31E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*", "matchCriteriaId": "9F667C15-3C89-49CD-800D-303A2677FC36", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*", "matchCriteriaId": "8B301544-A38F-417C-BB94-E7711F8ED7C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*", "matchCriteriaId": "ADEBDEB2-3070-4633-A934-DDF49CBD10C5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*", "matchCriteriaId": "5875A25D-CC0E-43CF-B617-CEA99C65A52A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*", "matchCriteriaId": "D8C04B9B-DEA3-4161-8E6C-BBBBE9AF5444", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*", "matchCriteriaId": "EE5F9699-7B1B-4356-B0EB-C942888AFEE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*", "matchCriteriaId": "A041B8EB-AD9E-452B-9A2E-22DBCD5CB091", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*", "matchCriteriaId": "4BE7A136-3975-400A-AB77-4BCD4669553A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*", "matchCriteriaId": "FE628F19-D7C9-4E6D-BDC4-5C82CDE540E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*", "matchCriteriaId": 
"26803A52-EAEC-4CD6-BB89-F1EF40B3021F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*", "matchCriteriaId": "B7BC4454-3168-420B-9136-21FD18571526", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*", "matchCriteriaId": "A346280F-BA80-4FBA-BD15-6CA7A1ED8D8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*", "matchCriteriaId": "B0376F10-8493-498D-9B5D-76AFE0F4417A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*", "matchCriteriaId": "69293BBF-7788-4462-AA6F-9D3A084D1B3A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*", "matchCriteriaId": "31F30FA3-69EC-45B3-8AF5-852DB73756A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*", "matchCriteriaId": "B88557E4-C793-4F6A-A3AE-07799B212ECB", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*", "matchCriteriaId": "8F88C231-60FE-42F3-87E9-23E88ADC7650", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*", "matchCriteriaId": "BD65F43C-98A9-46A1-BCC4-79ACB5F5C6B2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*", "matchCriteriaId": "B0A9F1C7-1C0A-42B1-91D3-676E03E64BB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*", "matchCriteriaId": "A886B4DC-30E9-4C41-A79A-96F309F343F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*", "matchCriteriaId": "C28AEC3C-20F0-4BFB-B7B6-30336C631400", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*", "matchCriteriaId": "7D0521BF-A66D-4663-83C6-49E650454ED5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*", 
"matchCriteriaId": "2C95BB3D-774C-4C71-9A3A-15938BA5CF6F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*", "matchCriteriaId": "B583B413-4B8E-4FA3-9CD1-A650CEAB9449", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*", "matchCriteriaId": "CDC7A6F1-BD38-4119-B5A7-56A50EC6C9C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*", "matchCriteriaId": "2DEFF843-57F4-4553-ABD3-7269A32A6DE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*", "matchCriteriaId": "E8A7C4E6-5E3E-43CB-8F54-4AA5563EA98C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*", "matchCriteriaId": "C6CB9879-D8B4-45CA-BF63-D4681C403818", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*", "matchCriteriaId": "66EE203A-CFB1-4317-879D-E6A44F063F66", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*", "matchCriteriaId": "F7978FDA-7622-4041-BE9E-28F99A1FB16E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*", "matchCriteriaId": "B0975B5B-5409-42F5-A50F-644A80F3E5F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*", "matchCriteriaId": "69AB9069-49F9-43B5-9F0F-04BBB145FD7B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*", "matchCriteriaId": "77CA7A3A-254D-4154-8AFB-FA7BC4EB286A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*", "matchCriteriaId": "0FA8D9CE-BD9E-4BD2-B38C-909CCE0D3842", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*", "matchCriteriaId": "6DABFC81-F44C-46AB-B9CD-D35624F5071A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*", "matchCriteriaId": "DE8BDB83-641B-4858-B00A-EEFC9F583050", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*", "matchCriteriaId": "D010713B-DE3E-4E76-8299-FF50D19ADA45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*", "matchCriteriaId": "92B83ECE-5D7C-417D-9957-976ECE8E2308", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*", "matchCriteriaId": "59E2E6AF-11DD-4C51-A84F-129D160ACAFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*", "matchCriteriaId": "E9590109-8DFC-4E78-B678-8456A0621C08", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*", "matchCriteriaId": "03FD1031-0C3D-45F1-BFD9-823C6D4B69F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*", "matchCriteriaId": "44059C1E-CDC6-4B75-92CC-CD45C5063F9D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mojolicious:mojolicious:0.999926:*:*:*:*:*:*:*", "matchCriteriaId": "6278FC7E-6852-46B1-9F38-58847391B2F9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors." }, { "lang": "es", "value": "Commands.pm en Mojolicious en versiones anteriores a v0.999928 no realiza una detecci\u00f3n adecuada de entornos CGI, lo cual tiene un impacto no especificado y vectores de ataque remoto." 
} ], "id": "CVE-2010-4802", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-03T00:55:00.950", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "source": "cve@mitre.org", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2011/dsa-2239" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2239" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" } 
], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2024-58135 (GCVE-0-2024-58135)
Vulnerability from cvelistv5
Published
2025-05-03 10:16
Modified
2025-05-12 18:11
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Summary
Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets.
When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
References
Impacted products
Vendor | Product | Version |
---|---|---|
SRI | Mojolicious | Version: 7.28 < |
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-58135", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-05T17:58:51.652027Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-07T19:06:35.967Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Mojolicious", "product": "Mojolicious", "programFiles": [ "lib/Mojolicious/Command/Author/generate/app.pm", "lib/Mojo/Util.pm", "lib/Mojolicious/Command/generate/app.pm" ], "programRoutines": [ { "name": "Mojolicious::Command::Author::generate::app::run()" }, { "name": "Mojo::Util::generate_secret()" } ], "repo": "https://github.com/mojolicious/mojo", "vendor": "SRI", "versions": [ { "lessThanOrEqual": "9.40", "status": "affected", "version": "7.28", "versionType": "custom" } ] } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets.\u003cbr\u003e\u003cbr\u003eWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application\u0027s 
configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application\u0027s sessions. This may allow an attacker to brute force the application\u0027s session keys." } ], "value": "Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets.\n\nWhen creating a default app with the \"mojo generate app\" tool, a weak secret is written to the application\u0027s configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application\u0027s sessions. This may allow an attacker to brute force the application\u0027s session keys." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-12T18:11:07.373Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "url": "https://perldoc.perl.org/functions/rand" }, { "url": "https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181" }, { "url": "https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202" }, { "url": "https://github.com/mojolicious/mojo/pull/2200" }, { "url": "https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220" }, { "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html" }, { "url": "https://github.com/hashcat/hashcat/pull/4090" } ], "source": { "discovery": "UNKNOWN" }, "title": "Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Ensure that your secret, stored in the application\u0027s configuration file, is at least 128 bit of cryptographically secure 
random data. For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command." } ], "value": "Ensure that your secret, stored in the application\u0027s configuration file, is at least 128 bit of cryptographically secure random data. For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command." }, { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "As of version 9.39 of Mojolicious, if a CryptX distribution of version 0.080 or later is available in the include path before calling the \"mojo generate app\" tool, then a secure 1024 bit long secret will be generated." } ], "value": "As of version 9.39 of Mojolicious, if a CryptX distribution of version 0.080 or later is available in the include path before calling the \"mojo generate app\" tool, then a secure 1024 bit long secret will be generated." } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2024-58135", "datePublished": "2025-05-03T10:16:10.636Z", "dateReserved": "2025-04-07T16:06:37.226Z", "dateUpdated": "2025-05-12T18:11:07.373Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1589 (GCVE-0-2011-1589)
Vulnerability from cvelistv5
Published
2011-04-29 22:00
Modified
2024-08-06 22:28
CWE
- n/a
Summary
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://perlninja.posterous.com/sharks-in-the-water" }, { "name": "DSA-2221", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2221" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz" }, { "name": "ADV-2011-1072", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1072" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kraih/mojo/issues/114" }, { "name": "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/18/7" }, { "name": "FEDORA-2011-5505", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html" }, { "name": "44359", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44359" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818" }, { "name": "44051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44051" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "ADV-2011-1093", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/1093" }, { "name": "71850", "tags": [ 
"vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/71850" }, { "name": "[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/17/1" }, { "name": "47402", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47402" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes" }, { "name": "mojolicious-url-directory-traversal(66830)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830" }, { "name": "[oss-security] 20110418 CVE request: Mojolicious", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/18/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697229" }, { "name": "FEDORA-2011-5504", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://perlninja.posterous.com/sharks-in-the-water" }, { "name": "DSA-2221", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2221" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz" }, { "name": "ADV-2011-1072", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1072" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kraih/mojo/issues/114" }, { "name": "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/18/7" }, { "name": "FEDORA-2011-5505", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html" }, { "name": "44359", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44359" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818" }, { "name": "44051", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44051" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "ADV-2011-1093", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/1093" }, { "name": "71850", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/71850" }, { "name": "[oss-security] 20110416 CVE request: 
Mojolicious directory traversal vulnerability", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/17/1" }, { "name": "47402", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47402" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes" }, { "name": "mojolicious-url-directory-traversal(66830)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830" }, { "name": "[oss-security] 20110418 CVE request: Mojolicious", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/18/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=697229" }, { "name": "FEDORA-2011-5504", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1589", "datePublished": "2011-04-29T22:00:00", "dateReserved": "2011-04-05T00:00:00", "dateUpdated": "2024-08-06T22:28:41.971Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-5074 (GCVE-0-2009-5074)
Vulnerability from cvelistv5
Published
2011-05-03 00:03
Modified
2024-09-16 22:25
CWE
- n/a
Summary
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T07:24:54.037Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-05-03T00:03:00Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-5074", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-5074", "datePublished": "2011-05-03T00:03:00Z", "dateReserved": "2011-05-02T00:00:00Z", "dateUpdated": "2024-09-16T22:25:37.859Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1841 (GCVE-0-2011-1841)
Vulnerability from cvelistv5
Published
2011-05-03 00:03
Modified
2024-08-06 22:37
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:37:25.850Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "name": "mojolicious-linktohelper-xss(67257)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" }, { "name": "47713", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47713" }, { "name": "DSA-2239", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2239" }, { "name": "FEDORA-2011-6465", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-03-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "name": "mojolicious-linktohelper-xss(67257)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" }, { "name": "47713", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47713" }, { "name": "DSA-2239", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2239" }, { "name": "FEDORA-2011-6465", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2011-1841", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "name": "mojolicious-linktohelper-xss(67257)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257" }, { "name": "47713", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47713" }, { "name": "DSA-2239", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2239" }, { "name": "FEDORA-2011-6465", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2011-1841", "datePublished": "2011-05-03T00:03:00", "dateReserved": "2011-05-02T00:00:00", "dateUpdated": "2024-08-06T22:37:25.850Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4802 (GCVE-0-2010-4802)
Vulnerability from cvelistv5
Published
2011-05-03 00:03
Modified
2024-08-07 04:02
CWE
- n/a
Summary
Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:02:29.039Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "DSA-2239", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-08-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "DSA-2239", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4802", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "name": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a", "refsource": "CONFIRM", "url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a" }, { "name": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44", "refsource": "CONFIRM", "url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "DSA-2239", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2239" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4802", "datePublished": "2011-05-03T00:03:00", "dateReserved": "2011-05-02T00:00:00", "dateUpdated": "2024-08-07T04:02:29.039Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-47208 (GCVE-0-2021-47208)
Vulnerability from cvelistv5
Published
2024-04-07 00:00
Modified
2025-03-20 14:00
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mojolicious", "vendor": "mojolicious", "versions": [ { "lessThan": "9.11", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2021-47208", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-08-16T19:38:01.587080Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400 Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-03-20T14:00:47.662Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-04T05:32:07.220Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/mojolicious/mojo/issues/1736" }, { "tags": [ "x_transferred" ], "url": "https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-07T23:58:13.405Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/mojolicious/mojo/issues/1736" }, { "url": "https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-47208", "datePublished": "2024-04-07T00:00:00.000Z", "dateReserved": "2024-04-07T00:00:00.000Z", "dateUpdated": "2025-03-20T14:00:47.662Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-4803 (GCVE-0-2010-4803)
Vulnerability from cvelistv5
Published
2011-05-03 00:03
Modified
2024-08-07 04:02
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:02:29.557Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "DSA-2239", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2239" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-08-15T00:00:00", "descriptions": [ { "lang": "en", "value": "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-08-27T09:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "DSA-2239", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2239" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4803", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", 
"value": "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes", "refsource": "CONFIRM", "url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952" }, { "name": "DSA-2239", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2011/dsa-2239" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4803", "datePublished": "2011-05-03T00:03:00", "dateReserved": "2011-05-02T00:00:00", "dateUpdated": "2024-08-07T04:02:29.557Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-58134 (GCVE-0-2024-58134)
Vulnerability from cvelistv5
Published
2025-05-03 16:08
Modified
2025-05-12 18:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
Mojolicious versions from 0.999922 through 9.40 for Perl use a hard-coded string, or the application's class name, as an HMAC session secret by default.
These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
References
Impacted products
Vendor | Product | Version
---|---|---
SRI | Mojolicious | Version: 0.999922 <
{ "containers": { "adp": [ { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-58134", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-12T15:57:49.444238Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-12T16:00:28.464Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Mojolicious", "product": "Mojolicious", "programFiles": [ "lib/Mojolicious.pm" ], "programRoutines": [ { "name": "secrets()" } ], "repo": "https://github.com/mojolicious/mojo", "vendor": "SRI", "versions": [ { "lessThanOrEqual": "9.40", "status": "affected", "version": "0.999922", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "analyst", "value": "Antoine Cervoise from Synacktiv" }, { "lang": "en", "type": "analyst", "value": "Jakub Kramarz" }, { "lang": "en", "type": "analyst", "value": "Lukas Atkinson" } ], "descriptions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application\u0027s class name, as a HMAC session secret by default.\u003cbr\u003e\u003cbr\u003eThese predictable default secrets can be exploited to forge session cookies. 
An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session.\u003cbr\u003e" } ], "value": "Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application\u0027s class name, as a HMAC session secret by default.\n\nThese predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-321", "description": "CWE-321 Use of Hard-coded Cryptographic Key", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-331", "description": "CWE-331 Insufficient Entropy", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-12T18:10:58.672Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "url": "https://github.com/mojolicious/mojo/pull/1791" }, { "url": "https://github.com/mojolicious/mojo/pull/2200" }, { "url": "https://www.synacktiv.com/publications/baking-mojolicious-cookies" }, { "url": "https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802" }, { "url": "https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51" }, { "url": "https://github.com/hashcat/hashcat/pull/4090" } ], "source": { "discovery": "UNKNOWN" }, "title": "Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application\u0027s class name, as a HMAC session secret by default", "workarounds": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Ensure that your Mojolicious application uses a unique secret of at least 128 bit of cryptographically secure random data. 
For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command.\u003cbr\u003e" } ], "value": "Ensure that your Mojolicious application uses a unique secret of at least 128 bit of cryptographically secure random data. For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command." } ], "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2024-58134", "datePublished": "2025-05-03T16:08:55.042Z", "dateReserved": "2025-04-07T16:06:37.226Z", "dateUpdated": "2025-05-12T18:10:58.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }