DEBIAN-CVE-2024-58135

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-58135

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2024-58135.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2024-58135

Upstream

CVE-2024-58135

Published

2025-05-03T11:15:48Z

Modified

2025-09-18T05:18:19Z

Summary

[none]

Details

Mojolicious versions from 7.28 through 9.40 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

References

https://security-tracker.debian.org/tracker/CVE-2024-58135

Affected packages

Debian:11 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/debian/libmojolicious-perl?arch=source

Affected ranges

Ecosystem specific

{
    "urgency": "not yet assigned"
}