Lucene search

4 matches found

Positive Technologies
added 2025/06/11 12:0 a.m. · 3 views

PT-2025-25230 · Unknown · Mojolicious::Plugin::Csrf

Name of the Vulnerable Software and Affected Versions: Mojolicious::Plugin::CSRF version 1.03
Description: The issue concerns a weak random number source used for generating CSRF tokens. Specifically, the tokens are generated as an MD5 of the process id, the current time, and a single call to the...

CVSS 7 · AI score 6.1 · EPSS 0.00242
Exploits 0 · References 7
RedhatCVE
added 2025/05/05 10:18 a.m. · 19 views

CVE-2024-58135

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand function, and used for authenticating and protecting...

CVSS 6.2 · AI score 5.1 · EPSS 0.00455
Exploits 1 · References 10
CVE
added 2025/05/03 4:8 p.m. · 76 views

CVE-2024-58134

CVE-2024-58134 (Mojolicious on Perl): Affected versions are Mojolicious 0.999922 and later up to 9.39, where the HMAC session cookie secret is derived from a hard-coded string or the app class name by default. This predictable secret enables an attacker who learns or guesses the secret to forge v...

CVSS 8.1 · AI score 6.2 · EPSS 0.00441
Exploits 1 · References 11 · Affected Software 1
NVD
added 2011/05/03 12:55 a.m. · 11 views

CVE-2010-4803

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors...

CVSS 10 · AI score 6.5 · EPSS 0.02029
Exploits 0 · References 3