216.73.217.64

CVE-2024-58134

· Published 03/05/2025 16:15 · Modified 03/05/2025 16:15

Labels: CVE-2024-58134 2025-05-039b29abf9-4ab0-4765-b253-1875cd9b441eCVE-2024-58134CWE-321

Essential information

Published
03/05/2025 16:15
Modified
03/05/2025 16:15
Author
Creator
CISA KEV
No
CWE

Description

Mojolicious versions from 0.999922 through 9.39 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD
View on NVD

Affected products (CPE)

ProductCPE
mojolicious / mojolicious cpe:2.3:a:mojolicious:mojolicious:0.999922-9.39:*:*:*:*:*:*:*

References