UBUNTU-CVE-2024-58134

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-58134

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-58134.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2024-58134

Related

CVE-2024-58134

Published

2025-05-03T16:15:00Z

Modified

2025-05-14T16:32:53Z

Summary

[none]

Details

Mojolicious versions from 0.999922 through 9.40 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

References

Affected packages

Ubuntu:Pro:16.04:LTS / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@6.15+dfsg-1ubuntu1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.15+dfsg-1

6.15+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@7.59+dfsg-1ubuntu1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.39+dfsg-1ubuntu1

7.43+dfsg-1ubuntu1

7.57+dfsg-1ubuntu1

7.59+dfsg-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@8.33+dfsg-1?arch=source&distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.22+dfsg-1

8.23+dfsg-1

8.26+dfsg-1

8.27+dfsg-1

8.32+dfsg-1

8.33+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@9.22+dfsg-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.71+dfsg-1

9.*

9.22+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.10 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@9.37+dfsg-2?arch=source&distro=oracular

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.35+dfsg-1

9.37+dfsg-1

9.37+dfsg-2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@9.35+dfsg-1?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.33+dfsg-1

9.35+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:25.04 / libmojolicious-perl

Package

Name: libmojolicious-perl
Purl: pkg:deb/ubuntu/libmojolicious-perl@9.39+dfsg-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

9.*

9.37+dfsg-2

9.38+dfsg-1

9.39+dfsg-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}