Search criteria
8 vulnerabilities by mojolicious
CVE-2024-58134 (GCVE-0-2024-58134)
Vulnerability from cvelistv5 – Published: 2025-05-03 16:08 – Updated: 2025-10-20 20:09
VLAI
Title
Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default
Summary
Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default.
These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
Severity
8.1 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://github.com/mojolicious/mojo/pull/1791 | issue-tracking |
| https://github.com/mojolicious/mojo/pull/2200 | issue-tracking |
| https://www.synacktiv.com/publications/baking-moj… | technical-description |
| https://medium.com/securing/baking-mojolicious-co… | technical-description |
| https://metacpan.org/release/SRI/Mojolicious-9.39… | related |
| https://github.com/hashcat/hashcat/pull/4090 | exploit |
| https://lists.debian.org/debian-perl/2025/05/msg0… | mailing-list |
| https://lists.debian.org/debian-perl/2025/05/msg0… | mailing-list |
| https://lists.debian.org/debian-perl/2025/05/msg0… | mailing-list |
| https://github.com/mojolicious/mojo/pull/2252 | issue-tracking |
| https://docs.mojolicious.org/Mojolicious/Guides/F… | technical-description |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SRI | Mojolicious |
Affected:
0.999922 , ≤ *
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-58134",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-12T15:57:49.444238Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-12T16:00:28.464Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Mojolicious",
"product": "Mojolicious",
"programFiles": [
"lib/Mojolicious.pm"
],
"programRoutines": [
{
"name": "secrets()"
}
],
"repo": "https://github.com/mojolicious/mojo",
"vendor": "SRI",
"versions": [
{
"lessThanOrEqual": "*",
"status": "affected",
"version": "0.999922",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "Antoine Cervoise from Synacktiv"
},
{
"lang": "en",
"type": "analyst",
"value": "Jakub Kramarz"
},
{
"lang": "en",
"type": "analyst",
"value": "Lukas Atkinson"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application\u0027s class name, as an HMAC session cookie secret by default.\u003cbr\u003e\u003cbr\u003eThese predictable default secrets can be exploited by an attacker to forge session cookies.\u0026nbsp; An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session.\u003cbr\u003e"
}
],
"value": "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application\u0027s class name, as an HMAC session cookie secret by default.\n\nThese predictable default secrets can be exploited by an attacker to forge session cookies.\u00a0 An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user\u2019s session."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "CWE-321 Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "CWE-331 Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T20:09:00.882Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mojolicious/mojo/pull/1791"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mojolicious/mojo/pull/2200"
},
{
"tags": [
"technical-description"
],
"url": "https://www.synacktiv.com/publications/baking-mojolicious-cookies"
},
{
"tags": [
"technical-description"
],
"url": "https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802"
},
{
"tags": [
"related"
],
"url": "https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/hashcat/hashcat/pull/4090"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-perl/2025/05/msg00016.html"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-perl/2025/05/msg00017.html"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-perl/2025/05/msg00018.html"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mojolicious/mojo/pull/2252"
},
{
"tags": [
"technical-description"
],
"url": "https://docs.mojolicious.org/Mojolicious/Guides/FAQ#What-does-Your-secret-passphrase-needs-to-be-changed-mean"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application\u0027s class name, as an HMAC session cookie secret by default",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Ensure that your Mojolicious application uses a unique secret of at least 128 bit of cryptographically secure random data. For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command.\u003cbr\u003e"
}
],
"value": "Ensure that your Mojolicious application uses a unique secret of at least 128 bit of cryptographically secure random data. For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2024-58134",
"datePublished": "2025-05-03T16:08:55.042Z",
"dateReserved": "2025-04-07T16:06:37.226Z",
"dateUpdated": "2025-10-20T20:09:00.882Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-58135 (GCVE-0-2024-58135)
Vulnerability from cvelistv5 – Published: 2025-05-03 10:16 – Updated: 2026-06-05 12:37
VLAI
Title
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default
Summary
Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default.
When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.
Release 9.46 fixes the issue by providing high quality randomness, even in absence of CryptX.
Users should be aware that the update does not replace previously generated weak secrets. A secret generated with the previous version MUST be replaced to ensure the updated version is using a strong secret.
Severity
5.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
13 references
| URL | Tags |
|---|---|
| https://perldoc.perl.org/functions/rand | related |
| https://metacpan.org/release/SRI/Mojolicious-9.39… | related |
| https://metacpan.org/release/SRI/Mojolicious-9.38… | related |
| https://github.com/mojolicious/mojo/pull/2200 | issue-tracking |
| https://metacpan.org/release/SRI/Mojolicious-7.28… | related |
| https://security.metacpan.org/docs/guides/random-… | technical-description |
| https://github.com/hashcat/hashcat/pull/4090 | exploit |
| https://lists.debian.org/debian-perl/2025/05/msg0… | mailing-list |
| https://lists.debian.org/debian-perl/2025/05/msg0… | mailing-list |
| https://lists.debian.org/debian-perl/2025/05/msg0… | mailing-list |
| https://metacpan.org/release/SRI/Mojolicious-9.46… | release-notes |
| https://github.com/mojolicious/mojo/commit/fb3733… | patch |
| https://github.com/mojolicious/mojo/commit/789cfa… | patch |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| SRI | Mojolicious |
Affected:
7.28 , ≤ 9.45
(custom)
|
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-58135",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-05T17:58:51.652027Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T19:06:35.967Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Mojolicious",
"product": "Mojolicious",
"programFiles": [
"lib/Mojolicious/Command/Author/generate/app.pm",
"lib/Mojo/Util.pm",
"lib/Mojolicious/Command/generate/app.pm"
],
"programRoutines": [
{
"name": "Mojolicious::Command::Author::generate::app::run()"
},
{
"name": "Mojo::Util::generate_secret()"
}
],
"repo": "https://github.com/mojolicious/mojo",
"vendor": "SRI",
"versions": [
{
"lessThanOrEqual": "9.45",
"status": "affected",
"version": "7.28",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via \"mojo generate app\" by default.\n\nWhen creating a default app skeleton with the \"mojo generate app\" tool, a weak secret is written to the application\u0027s configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application\u0027s sessions. This may allow an attacker to brute force the application\u0027s session keys.\n\nRelease 9.46 fixes the issue by providing high quality randomness, even in absence of CryptX.\n\nUsers should be aware that the update does not replace previously generated weak secrets. A secret generated with the previous version MUST be replaced to ensure the updated version is using a strong secret."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T12:37:53.344Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"related"
],
"url": "https://perldoc.perl.org/functions/rand"
},
{
"tags": [
"related"
],
"url": "https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojo/Util.pm#L181"
},
{
"tags": [
"related"
],
"url": "https://metacpan.org/release/SRI/Mojolicious-9.38/source/lib/Mojolicious/Command/Author/generate/app.pm#L202"
},
{
"tags": [
"issue-tracking"
],
"url": "https://github.com/mojolicious/mojo/pull/2200"
},
{
"tags": [
"related"
],
"url": "https://metacpan.org/release/SRI/Mojolicious-7.28/source/lib/Mojolicious/Command/generate/app.pm#L220"
},
{
"tags": [
"technical-description"
],
"url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/hashcat/hashcat/pull/4090"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-perl/2025/05/msg00016.html"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-perl/2025/05/msg00017.html"
},
{
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-perl/2025/05/msg00018.html"
},
{
"tags": [
"release-notes"
],
"url": "https://metacpan.org/release/SRI/Mojolicious-9.46/source/Changes"
},
{
"tags": [
"patch"
],
"url": "https://github.com/mojolicious/mojo/commit/fb3733f92cc8a3344e6d615b3c7dac9d538eeab0.patch"
},
{
"tags": [
"patch"
],
"url": "https://github.com/mojolicious/mojo/commit/789cfa43f9118852b38cbd1fd0a2596bcb9821ea.patch"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to version 9.46 and replace previously generated secrets."
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via \"mojo generate app\" by default",
"workarounds": [
{
"lang": "en",
"value": "Ensure that your secret, stored in the application\u0027s configuration file, is at least 128 bit of cryptographically secure random data. For example, to generate a 256 bit secret, one could use the output generated by the \"openssl rand -base64 32\" command."
},
{
"lang": "en",
"value": "As of version 9.39 of Mojolicious, if the optional CryptX distribution version 0.080 or later is available in the include path before calling the \"mojo generate app\" tool, then a secure 1024 bit long secret will be generated."
}
],
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2024-58135",
"datePublished": "2025-05-03T10:16:10.636Z",
"dateReserved": "2025-04-07T16:06:37.226Z",
"dateUpdated": "2026-06-05T12:37:53.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2021-47208 (GCVE-0-2021-47208)
Vulnerability from cvelistv5 – Published: 2024-04-07 00:00 – Updated: 2025-03-20 14:00
VLAI
Summary
The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service.
Severity
4.3 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- n/a
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| mojolicious | mojolicious |
Affected:
0 , < 9.11
(custom)
cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:mojolicious:mojolicious:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "mojolicious",
"vendor": "mojolicious",
"versions": [
{
"lessThan": "9.11",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2021-47208",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-16T19:38:01.587080Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-20T14:00:47.662Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-04T05:32:07.220Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mojolicious/mojo/issues/1736"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Mojolicious module before 9.11 for Perl has a bug in format detection that can potentially be exploited for denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-07T23:58:13.405Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/mojolicious/mojo/issues/1736"
},
{
"url": "https://github.com/mojolicious/mojo/commit/a0c4576ffb11c235088550de9ba7ac4196e1953c"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-47208",
"datePublished": "2024-04-07T00:00:00.000Z",
"dateReserved": "2024-04-07T00:00:00.000Z",
"dateUpdated": "2025-03-20T14:00:47.662Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1841 (GCVE-0-2011-1841)
Vulnerability from cvelistv5 – Published: 2011-05-03 00:03 – Updated: 2024-08-06 22:37
VLAI
Summary
Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://cpansearch.perl.org/src/KRAIH/Mojolicious-… | x_refsource_CONFIRM |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/47713 | vdb-entryx_refsource_BID |
| http://www.debian.org/security/2011/dsa-2239 | vendor-advisoryx_refsource_DEBIAN |
| http://lists.fedoraproject.org/pipermail/package-… | vendor-advisoryx_refsource_FEDORA |
Date Public
2011-03-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:37:25.850Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "mojolicious-linktohelper-xss(67257)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"
},
{
"name": "47713",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47713"
},
{
"name": "DSA-2239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2239"
},
{
"name": "FEDORA-2011-6465",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-03-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "mojolicious-linktohelper-xss(67257)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"
},
{
"name": "47713",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47713"
},
{
"name": "DSA-2239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2239"
},
{
"name": "FEDORA-2011-6465",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1841",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "mojolicious-linktohelper-xss(67257)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67257"
},
{
"name": "47713",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/47713"
},
{
"name": "DSA-2239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2239"
},
{
"name": "FEDORA-2011-6465",
"refsource": "FEDORA",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-May/060122.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1841",
"datePublished": "2011-05-03T00:03:00.000Z",
"dateReserved": "2011-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:37:25.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4803 (GCVE-0-2010-4803)
Vulnerability from cvelistv5 – Published: 2011-05-03 00:03 – Updated: 2024-08-07 04:02
VLAI
Summary
Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://cpansearch.perl.org/src/KRAIH/Mojolicious-… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2239 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2010-08-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.557Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-27T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4803",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4803",
"datePublished": "2011-05-03T00:03:00.000Z",
"dateReserved": "2011-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.557Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4802 (GCVE-0-2010-4802)
Vulnerability from cvelistv5 – Published: 2011-05-03 00:03 – Updated: 2024-08-07 04:02
VLAI
Summary
Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://cpansearch.perl.org/src/KRAIH/Mojolicious-… | x_refsource_CONFIRM |
| https://github.com/kraih/mojo/commit/b3a1fb453eda… | x_refsource_CONFIRM |
| https://github.com/kraih/mojo/commit/aa7c8da54b1e… | x_refsource_CONFIRM |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952 | x_refsource_CONFIRM |
| http://www.debian.org/security/2011/dsa-2239 | vendor-advisoryx_refsource_DEBIAN |
Date Public
2010-08-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:02:29.039Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2239"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-08-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-08-27T09:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2239"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4802",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
},
{
"name": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a",
"refsource": "CONFIRM",
"url": "https://github.com/kraih/mojo/commit/b3a1fb453eda447c0bb082cd9eed81bb75a7564a"
},
{
"name": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44",
"refsource": "CONFIRM",
"url": "https://github.com/kraih/mojo/commit/aa7c8da54b1ebd4ccb64aa66dede7b7cdb381c44"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "DSA-2239",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2011/dsa-2239"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4802",
"datePublished": "2011-05-03T00:03:00.000Z",
"dateReserved": "2011-05-02T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:02:29.039Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-5074 (GCVE-0-2009-5074)
Vulnerability from cvelistv5 – Published: 2011-05-03 00:03 – Updated: 2024-09-16 22:25
VLAI
Summary
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| http://cpansearch.perl.org/src/KRAIH/Mojolicious-… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:24:54.037Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2011-05-03T00:03:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-5074",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes",
"refsource": "CONFIRM",
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.20/Changes"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-5074",
"datePublished": "2011-05-03T00:03:00.000Z",
"dateReserved": "2011-05-02T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:25:37.859Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1589 (GCVE-0-2011-1589)
Vulnerability from cvelistv5 – Published: 2011-04-29 22:00 – Updated: 2024-08-06 22:28
VLAI
Summary
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
20 references
Date Public
2011-04-15 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:41.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://perlninja.posterous.com/sharks-in-the-water"
},
{
"name": "DSA-2221",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2011/dsa-2221"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz"
},
{
"name": "ADV-2011-1072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1072"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kraih/mojo/issues/114"
},
{
"name": "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/18/7"
},
{
"name": "FEDORA-2011-5505",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html"
},
{
"name": "44359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44359"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818"
},
{
"name": "44051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/44051"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "ADV-2011-1093",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2011/1093"
},
{
"name": "71850",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/71850"
},
{
"name": "[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/17/1"
},
{
"name": "47402",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/47402"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes"
},
{
"name": "mojolicious-url-directory-traversal(66830)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830"
},
{
"name": "[oss-security] 20110418 CVE request: Mojolicious",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2011/04/18/3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=697229"
},
{
"name": "FEDORA-2011-5504",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-04-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://perlninja.posterous.com/sharks-in-the-water"
},
{
"name": "DSA-2221",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2011/dsa-2221"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gz"
},
{
"name": "ADV-2011-1072",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1072"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kraih/mojo/issues/114"
},
{
"name": "[oss-security] 20110418 Re: CVE request: Mojolicious directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/18/7"
},
{
"name": "FEDORA-2011-5505",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.html"
},
{
"name": "44359",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44359"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818"
},
{
"name": "44051",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/44051"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=622952"
},
{
"name": "ADV-2011-1093",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2011/1093"
},
{
"name": "71850",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/71850"
},
{
"name": "[oss-security] 20110416 CVE request: Mojolicious directory traversal vulnerability",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/17/1"
},
{
"name": "47402",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/47402"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changes"
},
{
"name": "mojolicious-url-directory-traversal(66830)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66830"
},
{
"name": "[oss-security] 20110418 CVE request: Mojolicious",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2011/04/18/3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=697229"
},
{
"name": "FEDORA-2011-5504",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-1589",
"datePublished": "2011-04-29T22:00:00.000Z",
"dateReserved": "2011-04-05T00:00:00.000Z",
"dateUpdated": "2024-08-06T22:28:41.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}