Unrated severityNVD Advisory· Published Apr 29, 2011· Updated Jun 16, 2026
CVE-2011-1589
CVE-2011-1589
Description
Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
83cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*+ 82 more
- cpe:2.3:a:mojolicious:mojolicious:0.2:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.3:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.4:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.5:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.6:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.7:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8006:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8007:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8008:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8009:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.3:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.4:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.8.5:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.9:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.9001:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.9002:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991231:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991232:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991233:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991234:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991235:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991236:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991237:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991238:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991239:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991240:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991241:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991242:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991243:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991244:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991245:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991246:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991250:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.991251:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999901:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999902:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999903:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999904:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999905:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999906:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999907:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999908:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999909:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999910:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999911:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999912:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999913:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999914:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999920:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999921:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999922:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999923:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999924:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999925:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999926:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999927:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999928:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999929:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999930:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999931:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999932:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999933:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999934:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999935:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999936:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999937:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999938:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999939:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999940:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999941:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:0.999950:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.01:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.11:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.12:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.13:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.14:*:*:*:*:*:*:*
- cpe:2.3:a:mojolicious:mojolicious:1.15:*:*:*:*:*:*:*
- (no CPE)range: <1.16
Patches
Vulnerability mechanics
References
20- search.cpan.org/CPAN/authors/id/K/KR/KRAIH/Mojolicious-1.16.tar.gznvdPatch
- github.com/kraih/mojo/commit/b09854988c5b5b6a2ba53cc8661c4b2677da3818nvdPatch
- bugs.debian.org/cgi-bin/bugreport.cginvdExploit
- openwall.com/lists/oss-security/2011/04/17/1nvdExploitPatch
- openwall.com/lists/oss-security/2011/04/18/3nvdExploitPatch
- openwall.com/lists/oss-security/2011/04/18/7nvdExploit
- www.osvdb.org/71850nvdExploit
- bugzilla.redhat.com/show_bug.cginvdExploitPatch
- github.com/kraih/mojo/issues/114nvdExploit
- secunia.com/advisories/44051nvdVendor Advisory
- cpansearch.perl.org/src/KRAIH/Mojolicious-1.16/Changesnvd
- lists.fedoraproject.org/pipermail/package-announce/2011-April/058885.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2011-April/058891.htmlnvd
- perlninja.posterous.com/sharks-in-the-waternvd
- secunia.com/advisories/44359nvd
- www.debian.org/security/2011/dsa-2221nvd
- www.securityfocus.com/bid/47402nvd
- www.vupen.com/english/advisories/2011/1072nvd
- www.vupen.com/english/advisories/2011/1093nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/66830nvd
News mentions
0No linked articles in our index yet.