VYPR

Mojo

by Mojolicious

Source repositories

CVEs (3)

  • CVE-2020-36829HigApr 8, 2024
    risk 0.42cvss 7.5epss 0.01

    The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.

  • CVE-2024-58135MedMay 3, 2025
    risk 0.28cvss 5.3epss 0.00

    Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using…

  • CVE-2018-25100MedMar 24, 2024
    risk 0.27cvss 5.3epss 0.01

    The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.