Vulnerability in Mojolicious

CVE-2024-58134

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies…

EPSS: 0.005 (36.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2024-58134?
CVE-2024-58134 is a high-severity vulnerability in Mojolicious, classified under Use of Hard-coded Cryptographic Key. CVSS score: 8.1/10. Published 2025-05-03.
How severe is CVE-2024-58134?
High severity. CVSS v3 base score is 8.1 out of 10.