AZL-61741

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61741.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-61741

Upstream

CVE-2024-58135

Published

2025-05-03T11:15:48Z

Modified

2026-04-01T05:19:54.681536Z

Summary

CVE-2024-58135 affecting package perl-Mojolicious 8.57-3

Details

Mojolicious versions from 7.28 for Perl will generate weak HMAC session cookie secrets via "mojo generate app" by default

When creating a default app skeleton with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-58135

Affected packages

Azure Linux:2 / perl-Mojolicious

Package

Name: perl-Mojolicious
Purl: pkg:rpm/azure-linux/perl-Mojolicious

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

8.57-3

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-61741.json"