Vulnerability in Jberger Mojo::jwt
CVE-2026-9537
Mojo::JWT versions before 1.02 for Perl verify HMAC signatures with a non-constant-time string comparison. The decode() method compares the supplied signature to the recomputed HMAC with Perl's eq operator, which stops at the first differ…
Affected products
- Jberger Mojo::jwt — versions 0