CVE-2024-58134
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-58134
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-58134.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-58134
- Related
- Published
- 2025-05-03T16:15:19Z
- Modified
- 2025-05-17T13:52:13.901392Z
- Summary
- [none]
- Details
-
Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default.
These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.
- References
-
- https://github.com/hashcat/hashcat/pull/4090
- https://github.com/mojolicious/mojo/pull/1791
- https://github.com/mojolicious/mojo/pull/2200
- https://medium.com/securing/baking-mojolicious-cookies-revisited-a-case-study-of-solving-security-problems-through-security-by-13da7c225802
- https://metacpan.org/release/SRI/Mojolicious-9.39/source/lib/Mojolicious.pm#L51
- https://www.synacktiv.com/publications/baking-mojolicious-cookies
- https://security-tracker.debian.org/tracker/CVE-2024-58134
Affected packages
Debian:11 / libmojolicious-perl
Package
- Name
- libmojolicious-perl
- Purl
- pkg:deb/debian/libmojolicious-perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
8.*
8.71+dfsg-1
9.*
9.21+dfsg-1
9.21+dfsg-2
9.22+dfsg-1
9.22+dfsg-2
9.23+dfsg-1
9.24+dfsg-1
9.25+dfsg-1
9.26+dfsg-1
9.27+dfsg-1
9.28+dfsg-1
9.31+dfsg-1
9.33+dfsg-1
9.34+dfsg-1
9.35+dfsg-1
9.36+dfsg-1~bpo12+2
9.36+dfsg-1
9.37+dfsg-1
9.37+dfsg-2~bpo12+1
9.37+dfsg-2
9.38+dfsg-1
9.39+dfsg-1
Debian:12 / libmojolicious-perl
Package
- Name
- libmojolicious-perl
- Purl
- pkg:deb/debian/libmojolicious-perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Debian:13 / libmojolicious-perl
Package
- Name
- libmojolicious-perl
- Purl
- pkg:deb/debian/libmojolicious-perl?arch=source
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Git / github.com/mojolicious/mojo
Affected versions
v0.*
v0.999922
v0.999923
v0.999924
v0.999925
v0.999926
v0.999927
v0.999928
v0.999929
v0.999930
v0.999931
v0.999932
v0.999933
v0.999934
v0.999935
v0.999936
v0.999937
v0.999938
v0.999939
v0.999940
v0.999941
v0.999950
v1.*
v1.0
v1.01
v1.1
v1.11
v1.12
v1.13
v1.14
v1.15
v1.17
v1.18
v1.19
v1.20
v1.21
v1.22
v1.3
v1.31
v1.32
v1.33
v1.34
v1.4
v1.41
v1.42
v1.43
v1.44
v1.45
v1.46
v1.47
v1.48
v1.49
v1.50
v1.51
v1.52
v1.53
v1.54
v1.55
v1.56
v1.57
v1.58
v1.59
v1.60
v1.61
v1.62
v1.63
v1.64
v1.65
v1.66
v1.67
v1.68
v1.69
v1.70
v1.71
v1.72
v1.73
v1.74
v1.75
v1.76
v1.77
v1.78
v1.79
v1.80
v1.81
v1.82
v1.83
v1.84
v1.85
v1.86
v1.87
v1.88
v1.89
v1.90
v1.91
v1.92
v1.93
v1.94
v1.95
v1.96
v1.97
v1.98
v1.99
v2.*
v2.0
v2.01
v2.02
v2.03
v2.04
v2.05
v2.06
v2.07
v2.08
v2.09
v2.10
v2.11
v2.12
v2.13
v2.14
v2.15
v2.16
v2.17
v2.18
v2.19
v2.20
v2.21
v2.22
v2.23
v2.24
v2.25
v2.26
v2.27
v2.28
v2.29
v2.30
v2.31
v2.32
v2.33
v2.34
v2.35
v2.36
v2.37
v2.38
v2.39
v2.40
v2.41
v2.42
v2.43
v2.44
v2.45
v2.46
v2.47
v2.48
v2.49
v2.50
v2.51
v2.52
v2.53
v2.54
v2.55
v2.56
v2.57
v2.58
v2.59
v2.60
v2.61
v2.62
v2.63
v2.64
v2.65
v2.66
v2.67
v2.68
v2.69
v2.70
v2.71
v2.72
v2.73
v2.74
v2.75
v2.76
v2.77
v2.78
v2.79
v2.80
v2.81
v2.82
v2.83
v2.84
v2.85
v2.86
v2.87
v2.88
v2.89
v2.90
v2.91
v2.92
v2.93
v2.94
v2.95
v2.96
v2.97
v2.98
v3.*
v3.0
v3.01
v3.02
v3.03
v3.04
v3.05
v3.06
v3.07
v3.08
v3.09
v3.10
v3.11
v3.12
v3.13
v3.14
v3.15
v3.16
v3.17
v3.18
v3.19
v3.20
v3.21
v3.22
v3.23
v3.24
v3.25
v3.26
v3.27
v3.28
v3.29
v3.30
v3.31
v3.32
v3.33
v3.34
v3.35
v3.36
v3.37
v3.38
v3.39
v3.40
v3.41
v3.42
v3.43
v3.44
v3.45
v3.46
v3.47
v3.48
v3.49
v3.50
v3.51
v3.52
v3.53
v3.54
v3.55
v3.56
v3.57
v3.58
v3.59
v3.60
v3.61
v3.62
v3.63
v3.64
v3.65
v3.66
v3.67
v3.68
v3.69
v3.70
v3.71
v3.72
v3.73
v3.74
v3.75
v3.76
v3.77
v3.78
v3.79
v3.80
v3.81
v3.82
v3.83
v3.84
v3.85
v3.86
v3.87
v3.88
v3.89
v3.90
v3.91
v3.92
v3.93
v3.94
v3.95
v3.96
v3.97
v4.*
v4.0
v4.01
v4.02
v4.03
v4.04
v4.05
v4.06
v4.07
v4.08
v4.09
v4.10
v4.11
v4.12
v4.13
v4.14
v4.15
v4.16
v4.17
v4.18
v4.19
v4.20
v4.21
v4.22
v4.23
v4.24
v4.25
v4.26
v4.27
v4.28
v4.29
v4.30
v4.31
v4.32
v4.33
v4.34
v4.35
v4.36
v4.37
v4.38
v4.39
v4.40
v4.41
v4.42
v4.43
v4.44
v4.45
v4.46
v4.47
v4.48
v4.49
v4.50
v4.51
v4.52
v4.53
v4.54
v4.55
v4.56
v4.57
v4.58
v4.59
v4.60
v4.61
v4.62
v4.63
v4.64
v4.65
v4.66
v4.67
v4.68
v4.69
v4.70
v4.71
v4.72
v4.73
v4.74
v4.75
v4.76
v4.77
v4.78
v4.79
v4.80
v4.81
v4.82
v4.83
v4.84
v4.85
v4.86
v4.87
v4.88
v4.89
v4.90
v4.91
v4.92
v4.93
v4.94
v4.95
v4.96
v4.97
v4.98
v4.99
v5.*
v5.0
v5.01
v5.02
v5.03
v5.04
v5.05
v5.06
v5.07
v5.08
v5.09
v5.10
v5.11
v5.12
v5.13
v5.14
v5.15
v5.16
v5.17
v5.18
v5.19
v5.20
v5.21
v5.22
v5.23
v5.24
v5.25
v5.26
v5.27
v5.28
v5.29
v5.30
v5.31
v5.32
v5.33
v5.34
v5.35
v5.36
v5.37
v5.38
v5.39
v5.40
v5.41
v5.42
v5.43
v5.44
v5.45
v5.46
v5.47
v5.48
v5.49
v5.50
v5.51
v5.52
v5.53
v5.54
v5.55
v5.56
v5.57
v5.58
v5.59
v5.60
v5.61
v5.62
v5.63
v5.64
v5.65
v5.66
v5.67
v5.68
v5.69
v5.70
v5.71
v5.72
v5.73
v5.74
v5.75
v5.76
v5.77
v5.78
v5.79
v5.80
v5.81
v5.82
v6.*
v6.0
v6.01
v6.02
v6.03
v6.04
v6.05
v6.06
v6.07
v6.08
v6.09
v6.10
v6.11
v6.12
v6.13
v6.14
v6.15
v6.16
v6.17
v6.18
v6.19
v6.20
v6.21
v6.22
v6.23
v6.24
v6.25
v6.26
v6.27
v6.28
v6.29
v6.30
v6.31
v6.32
v6.33
v6.34
v6.35
v6.36
v6.37
v6.38
v6.39
v6.40
v6.41
v6.42
v6.43
v6.44
v6.45
v6.46
v6.47
v6.48
v6.49
v6.50
v6.51
v6.52
v6.53
v6.54
v6.55
v6.56
v6.57
v6.58
v6.59
v6.60
v6.61
v6.62
v6.63
v6.64
v6.65
v6.66
v7.*
v7.0
v7.01
v7.02
v7.03
v7.04
v7.05
v7.06
v7.07
v7.08
v7.09
v7.10
v7.11
v7.12
v7.13
v7.14
v7.15
v7.16
v7.17
v7.18
v7.19
v7.20
v7.21
v7.22
v7.23
v7.24
v7.25
v7.26
v7.27
v7.28
v7.29
v7.30
v7.31
v7.32
v7.33
v7.34
v7.35
v7.36
v7.37
v7.38
v7.39
v7.40
v7.41
v7.42
v7.43
v7.44
v7.45
v7.46
v7.47
v7.48
v7.49
v7.50
v7.51
v7.52
v7.53
v7.54
v7.55
v7.56
v7.57
v7.58
v7.59
v7.60
v7.61
v7.62
v7.63
v7.64
v7.65
v7.66
v7.67
v7.68
v7.69
v7.70
v7.71
v7.72
v7.73
v7.74
v7.75
v7.76
v7.77
v7.78
v7.79
v7.80
v7.81
v7.82
v7.83
v7.84
v7.85
v7.86
v7.87
v7.88
v7.89
v7.90
v7.91
v7.92
v7.93
v7.94
v8.*
v8.0
v8.01
v8.02
v8.03
v8.04
v8.05
v8.06
v8.07
v8.08
v8.09
v8.10
v8.11
v8.12
v8.13
v8.14
v8.15
v8.16
v8.17
v8.18
v8.19
v8.20
v8.21
v8.22
v8.23
v8.24
v8.25
v8.26
v8.27
v8.28
v8.29
v8.30
v8.31
v8.32
v8.33
v8.34
v8.35
v8.36
v8.37
v8.38
v8.39
v8.40
v8.41
v8.42
v8.50
v8.51
v8.52
v8.53
v8.54
v8.55
v8.56
v8.57
v8.58
v8.59
v8.60
v8.61
v8.62
v8.63
v8.64
v8.65
v8.66
v8.67
v8.68
v8.69
v8.70
v8.71
v8.72
v8.73
v9.*
v9.0
v9.01
v9.02
v9.03
v9.07
v9.08
v9.09
v9.10
v9.11
v9.12
v9.13
v9.14
v9.15
v9.16
v9.17
v9.18
v9.19
v9.20
v9.21
v9.22
v9.23
v9.24
v9.25
v9.26
v9.27
v9.28
v9.29
v9.30
v9.31
v9.32
v9.33
v9.34
v9.35
v9.36
v9.37
v9.38
v9.39
v9.40