Vulnerability in Mojolicious
CVE-2024-58134
Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies…
EPSS: 0.005 (36.8th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N.
Affected products
- Mojolicious
- Sri Mojolicious — versions 0.999922
Weakness classification (CWE)
References
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (issue-tracking, Patch, Issue Tracking)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (issue-tracking, Patch, Issue Tracking)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (Exploit, technical-description)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (technical-description, Third Party Advisory)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (related, Product)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (Patch, exploit, Issue Tracking)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (mailing-list)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (mailing-list)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (mailing-list)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (issue-tracking)
Frequently asked questions
- What is CVE-2024-58134?
- CVE-2024-58134 is a high-severity vulnerability in Mojolicious, classified under Use of Hard-coded Cryptographic Key. CVSS score: 8.1/10. Published 2025-05-03.
- How severe is CVE-2024-58134?
- High severity. CVSS v3 base score is 8.1 out of 10.