AZL-61673

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61673.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-61673

Upstream

CVE-2024-58134

Published

2025-05-03T16:15:19Z

Modified

2026-04-01T05:19:43.208785Z

Summary

CVE-2024-58134 affecting package perl-Mojolicious 8.57-3

Details

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as an HMAC session cookie secret by default.

These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58134

Affected packages

Azure Linux:2 / perl-Mojolicious

Package

Name: perl-Mojolicious
Purl: pkg:rpm/azure-linux/perl-Mojolicious

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

8.57-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61673.json"