Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added yesterday6 views

CVE-2026-15747

A flaw was found in Mojolicious. This vulnerability exposes a stable representation of the session Cross-Site Request Forgery CSRF token to a BREACH compression oracle. When a web server response containing the token is gzip-compressed and also echoes attacker-controlled input, an attacker can us...

9.1CVSS6AI score0.00152EPSS
Exploits0References2
NVD
NVD
added 2 days ago3 views

CVE-2026-15747

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

9.1CVSS0.00152EPSS
Exploits0References3
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-15747 Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. csrftoken generates and caches one token per session and returns the same value on every call, and csrffield places that value in a hidden csrftoken input...

0.00152EPSS
Exploits0References2
CVE
CVE
added 2 days ago5 views

CVE-2026-15747

CVE-2026-15747 affects Mojolicious on Perl: versions 4.59 up to (but excluding) 9.48 expose a stable CSRF token representation to a BREACH compression oracle. _csrf_token caches a single per-session token and _csrf_field outputs it in a hidden input; when a response includes attacker-controlled i...

9.1CVSS6.1AI score0.00152EPSS
Exploits0References3
Rows per page
Query Builder