DEBIAN-CVE-2024-58134

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2024-58134

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-58134.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-58134

Upstream

CVE-2024-58134

Published

2025-05-03T16:15:19Z

Modified

2025-09-18T05:18:15Z

Summary

[none]

Details

Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

References

https://security-tracker.debian.org/tracker/CVE-2024-58134

Affected packages

Debian:11 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}