MidnightBSD

Advisories for mojolicious

CVE-2009-5074 HIGH

Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
mojolicious mojolicious 0.991241
mojolicious mojolicious 0.9002
mojolicious mojolicious 0.991238
mojolicious mojolicious 0.991231
mojolicious mojolicious 0.991244
mojolicious mojolicious 0.6
mojolicious mojolicious 0.8.3
mojolicious mojolicious 0.9001
mojolicious mojolicious 0.8.4
mojolicious mojolicious 0.8006
mojolicious mojolicious 0.991242
mojolicious mojolicious 0.991233
mojolicious mojolicious 0.3
mojolicious mojolicious 0.8008
mojolicious mojolicious 0.2
mojolicious mojolicious 0.991232
mojolicious mojolicious 0.991235
mojolicious mojolicious 0.991234
mojolicious mojolicious 0.991245
mojolicious mojolicious 0.7
mojolicious mojolicious *
mojolicious mojolicious 0.4
mojolicious mojolicious 0.8.1
mojolicious mojolicious 0.8009
mojolicious mojolicious 0.8
mojolicious mojolicious 0.991237
mojolicious mojolicious 0.991240
mojolicious mojolicious 0.8.5
mojolicious mojolicious 0.991236
mojolicious mojolicious 0.5
mojolicious mojolicious 0.8007
mojolicious mojolicious 0.991239
mojolicious mojolicious 0.991243
mojolicious mojolicious 0.9
mojolicious mojolicious 0.8.2
CVE-2010-4802 HIGH

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mojolicious mojolicious 0.991244
mojolicious mojolicious 0.6
mojolicious mojolicious 0.8.3
mojolicious mojolicious 0.991242
mojolicious mojolicious 0.999924
mojolicious mojolicious 0.991250
mojolicious mojolicious 0.999923
mojolicious mojolicious 0.991232
mojolicious mojolicious 0.991235
mojolicious mojolicious 0.991246
mojolicious mojolicious 0.999911
mojolicious mojolicious 0.999922
mojolicious mojolicious 0.999906
mojolicious mojolicious 0.4
mojolicious mojolicious 0.8.1
mojolicious mojolicious 0.8.5
mojolicious mojolicious 0.999909
mojolicious mojolicious 0.5
mojolicious mojolicious 0.999902
mojolicious mojolicious 0.999908
mojolicious mojolicious 0.8.2
mojolicious mojolicious 0.991241
mojolicious mojolicious 0.9002
mojolicious mojolicious 0.999921
mojolicious mojolicious 0.999925
mojolicious mojolicious 0.991238
mojolicious mojolicious 0.999920
mojolicious mojolicious 0.999926
mojolicious mojolicious 0.991231
mojolicious mojolicious 0.9001
mojolicious mojolicious 0.8.4
mojolicious mojolicious 0.8006
mojolicious mojolicious 0.991233
mojolicious mojolicious 0.3
mojolicious mojolicious 0.8008
mojolicious mojolicious 0.2
mojolicious mojolicious 0.999910
mojolicious mojolicious 0.991234
mojolicious mojolicious 0.999913
mojolicious mojolicious 0.991245
mojolicious mojolicious 0.999901
mojolicious mojolicious 0.7
mojolicious mojolicious 0.999912
mojolicious mojolicious *
mojolicious mojolicious 0.8009
mojolicious mojolicious 0.999907
mojolicious mojolicious 0.991251
mojolicious mojolicious 0.999904
mojolicious mojolicious 0.8
mojolicious mojolicious 0.991237
mojolicious mojolicious 0.991240
mojolicious mojolicious 0.991236
mojolicious mojolicious 0.999914
mojolicious mojolicious 0.8007
mojolicious mojolicious 0.991239
mojolicious mojolicious 0.991243
mojolicious mojolicious 0.999905
mojolicious mojolicious 0.999903
mojolicious mojolicious 0.9
CVE-2010-4803 HIGH

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,

Products Affected

Vendor Product Version
mojolicious mojolicious 0.991244
mojolicious mojolicious 0.6
mojolicious mojolicious 0.8.3
mojolicious mojolicious 0.991242
mojolicious mojolicious 0.999924
mojolicious mojolicious 0.991250
mojolicious mojolicious 0.999923
mojolicious mojolicious 0.991232
mojolicious mojolicious 0.991235
mojolicious mojolicious 0.991246
mojolicious mojolicious 0.999911
mojolicious mojolicious 0.999922
mojolicious mojolicious 0.999906
mojolicious mojolicious 0.4
mojolicious mojolicious 0.8.1
mojolicious mojolicious 0.8.5
mojolicious mojolicious 0.999909
mojolicious mojolicious 0.5
mojolicious mojolicious 0.999902
mojolicious mojolicious 0.999908
mojolicious mojolicious 0.8.2
mojolicious mojolicious 0.991241
mojolicious mojolicious 0.9002
mojolicious mojolicious 0.999921
mojolicious mojolicious 0.999925
mojolicious mojolicious 0.991238
mojolicious mojolicious 0.999920
mojolicious mojolicious 0.991231
mojolicious mojolicious 0.9001
mojolicious mojolicious 0.8.4
mojolicious mojolicious 0.8006
mojolicious mojolicious 0.991233
mojolicious mojolicious 0.3
mojolicious mojolicious 0.8008
mojolicious mojolicious 0.2
mojolicious mojolicious 0.999910
mojolicious mojolicious 0.991234
mojolicious mojolicious 0.999913
mojolicious mojolicious 0.991245
mojolicious mojolicious 0.999901
mojolicious mojolicious 0.7
mojolicious mojolicious 0.999912
mojolicious mojolicious *
mojolicious mojolicious 0.8009
mojolicious mojolicious 0.999907
mojolicious mojolicious 0.991251
mojolicious mojolicious 0.999904
mojolicious mojolicious 0.8
mojolicious mojolicious 0.991237
mojolicious mojolicious 0.991240
mojolicious mojolicious 0.991236
mojolicious mojolicious 0.999914
mojolicious mojolicious 0.8007
mojolicious mojolicious 0.991239
mojolicious mojolicious 0.991243
mojolicious mojolicious 0.999905
mojolicious mojolicious 0.999903
mojolicious mojolicious 0.9
CVE-2011-1589 MEDIUM

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-22,

Products Affected

Vendor Product Version
mojolicious mojolicious 0.991244
mojolicious mojolicious 0.6
mojolicious mojolicious 0.8.3
mojolicious mojolicious 0.991242
mojolicious mojolicious 0.999924
mojolicious mojolicious 0.991250
mojolicious mojolicious 0.999923
mojolicious mojolicious 1.0
mojolicious mojolicious 0.991232
mojolicious mojolicious 0.999935
mojolicious mojolicious 0.999940
mojolicious mojolicious 0.991235
mojolicious mojolicious 0.991246
mojolicious mojolicious 0.999911
mojolicious mojolicious 0.999922
mojolicious mojolicious 0.999938
mojolicious mojolicious 1.1
mojolicious mojolicious 0.999906
mojolicious mojolicious 0.999928
mojolicious mojolicious 0.4
mojolicious mojolicious 0.8.1
mojolicious mojolicious 1.13
mojolicious mojolicious 0.8.5
mojolicious mojolicious 0.999941
mojolicious mojolicious 0.999909
mojolicious mojolicious 0.5
mojolicious mojolicious 0.999902
mojolicious mojolicious 0.999936
mojolicious mojolicious 0.999950
mojolicious mojolicious 0.999908
mojolicious mojolicious 0.8.2
mojolicious mojolicious 0.999930
mojolicious mojolicious 0.999939
mojolicious mojolicious 0.991241
mojolicious mojolicious 0.9002
mojolicious mojolicious 0.999921
mojolicious mojolicious 0.999925
mojolicious mojolicious 0.991238
mojolicious mojolicious 0.999920
mojolicious mojolicious 0.999931
mojolicious mojolicious 0.999926
mojolicious mojolicious 0.991231
mojolicious mojolicious 1.11
mojolicious mojolicious 0.9001
mojolicious mojolicious 0.8.4
mojolicious mojolicious 1.14
mojolicious mojolicious 0.8006
mojolicious mojolicious 0.991233
mojolicious mojolicious 0.3
mojolicious mojolicious 0.8008
mojolicious mojolicious 0.2
mojolicious mojolicious 0.999910
mojolicious mojolicious 0.991234
mojolicious mojolicious 0.999913
mojolicious mojolicious 1.01
mojolicious mojolicious 0.991245
mojolicious mojolicious 0.999901
mojolicious mojolicious 0.7
mojolicious mojolicious 0.999912
mojolicious mojolicious 0.8009
mojolicious mojolicious 0.999907
mojolicious mojolicious 0.991251
mojolicious mojolicious 0.999904
mojolicious mojolicious 0.999927
mojolicious mojolicious 0.8
mojolicious mojolicious 0.991237
mojolicious mojolicious 0.991240
mojolicious mojolicious 0.991236
mojolicious mojolicious 0.999914
mojolicious mojolicious 0.999933
mojolicious mojolicious 1.15
mojolicious mojolicious 1.12
mojolicious mojolicious 0.999937
mojolicious mojolicious 0.8007
mojolicious mojolicious 0.991239
mojolicious mojolicious 0.991243
mojolicious mojolicious 0.999905
mojolicious mojolicious 0.999903
mojolicious mojolicious 0.9
mojolicious mojolicious 0.999932
mojolicious mojolicious 0.999929
mojolicious mojolicious 0.999934
CVE-2011-1841 MEDIUM

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
mojolicious mojolicious 0.991244
mojolicious mojolicious 0.6
mojolicious mojolicious 0.8.3
mojolicious mojolicious 0.991242
mojolicious mojolicious 0.999924
mojolicious mojolicious 0.991250
mojolicious mojolicious 0.999923
mojolicious mojolicious 1.0
mojolicious mojolicious 0.991232
mojolicious mojolicious 0.999935
mojolicious mojolicious 0.999940
mojolicious mojolicious 0.991235
mojolicious mojolicious 0.991246
mojolicious mojolicious 0.999911
mojolicious mojolicious 0.999922
mojolicious mojolicious 0.999938
mojolicious mojolicious 1.1
mojolicious mojolicious 0.999906
mojolicious mojolicious 0.999928
mojolicious mojolicious 0.4
mojolicious mojolicious 0.8.1
mojolicious mojolicious 0.8.5
mojolicious mojolicious 0.999941
mojolicious mojolicious 0.999909
mojolicious mojolicious 0.5
mojolicious mojolicious 0.999902
mojolicious mojolicious 0.999936
mojolicious mojolicious 0.999950
mojolicious mojolicious 0.999908
mojolicious mojolicious 0.8.2
mojolicious mojolicious 0.999930
mojolicious mojolicious 0.999939
mojolicious mojolicious 0.991241
mojolicious mojolicious 0.9002
mojolicious mojolicious 0.999921
mojolicious mojolicious 0.999925
mojolicious mojolicious 0.991238
mojolicious mojolicious 0.999920
mojolicious mojolicious 0.999931
mojolicious mojolicious 0.999926
mojolicious mojolicious 0.991231
mojolicious mojolicious 0.9001
mojolicious mojolicious 0.8.4
mojolicious mojolicious 0.8006
mojolicious mojolicious 0.991233
mojolicious mojolicious 0.3
mojolicious mojolicious 0.8008
mojolicious mojolicious 0.2
mojolicious mojolicious 0.999910
mojolicious mojolicious 0.991234
mojolicious mojolicious 0.999913
mojolicious mojolicious 1.01
mojolicious mojolicious 0.991245
mojolicious mojolicious 0.999901
mojolicious mojolicious 0.7
mojolicious mojolicious 0.999912
mojolicious mojolicious *
mojolicious mojolicious 0.8009
mojolicious mojolicious 0.999907
mojolicious mojolicious 0.991251
mojolicious mojolicious 0.999904
mojolicious mojolicious 0.999927
mojolicious mojolicious 0.8
mojolicious mojolicious 0.991237
mojolicious mojolicious 0.991240
mojolicious mojolicious 0.991236
mojolicious mojolicious 0.999914
mojolicious mojolicious 0.999933
mojolicious mojolicious 0.999937
mojolicious mojolicious 0.8007
mojolicious mojolicious 0.991239
mojolicious mojolicious 0.991243
mojolicious mojolicious 0.999905
mojolicious mojolicious 0.999903
mojolicious mojolicious 0.9
mojolicious mojolicious 0.999932
mojolicious mojolicious 0.999929
mojolicious mojolicious 0.999934
CVE-2021-47208

The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.

Products Affected

Vendor Product Version
mojolicious mojolicious *
CVE-2024-58134

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies.  An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.1 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N 2.8 5.2

Products Affected

Vendor Product Version
mojolicious mojolicious *
CVE-2024-58135

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
mojolicious mojolicious *