HIGH8.1CVE-2024-58134Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by… from 0
from 0, < 8.65+dfsg-1
from 0, < 8.12+dfsg-1.1~deb10u1
MEDIUM5.3Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default.
from 0
MEDIUM5.3The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain.
from 0, < 7.71+dfsg-1
MEDIUM4.3The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
from 0
—Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web s…
from 0, < 1.12-1
—Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.
from 0, < 0.999929-1
—libmojolicious-perl - several
from 0, < 0.999926-1+squeeze2
—libmojolicious-perl - several
from 0, < 0.999929-1
—libmojolicious-perl - directory traversal
from 0, < 0.999926-1+squeeze1
—libmojolicious-perl - directory traversal
from 0, < 1.16-1