Sri Mojolicious
3 CVEs affecting Sri Mojolicious. Latest disclosed: 2026-07-14. Critical: 0, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-58134 | High | 8.1 | 2025-05-03 | Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default. These pred… |
CVE-2024-58135 | Medium | 5.3 | 2025-05-03 | Mojolicious versions from 7.28 through 9.45 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default. When creating a defaul… |
CVE-2026-15747 | | 2026-07-14 | Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle. _csrf_token gener… |