/ 
Mojolicious-9.42
River stage four • 1087 direct dependents • 1231 total dependents
⭐ Starred 2674 GitHub stars
/ Mojo::Server::CGI
Security Advisories (2)
CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

CVE-2024-58135 (2025-05-03)

Mojolicious versions from 7.28 for Perl may generate weak HMAC session secrets. When creating a default app with the "mojo generate app" tool, a weak secret is written to the application's configuration file using the insecure rand() function, and used for authenticating and protecting the integrity of the application's sessions. This may allow an attacker to brute force the application's session keys.

NAME

Mojo::Server::CGI - CGI server

SYNOPSIS

use Mojo::Server::CGI;

my $cgi = Mojo::Server::CGI->new;
$cgi->unsubscribe('request')->on(request => sub ($cgi, $tx) {

  # Request
  my $method = $tx->req->method;
  my $path   = $tx->req->url->path;

  # Response
  $tx->res->code(200);
  $tx->res->headers->content_type('text/plain');
  $tx->res->body("$method request for $path!");

  # Resume transaction
  $tx->resume;
});
$cgi->run;

DESCRIPTION

Mojo::Server::CGI is a simple and portable implementation of RFC 3875.

See "DEPLOYMENT" in Mojolicious::Guides::Cookbook for more.

EVENTS

Mojo::Server::CGI inherits all events from Mojo::Server.

ATTRIBUTES

Mojo::Server::CGI inherits all attributes from Mojo::Server and implements the following new ones.

nph

my $bool = $cgi->nph;
$cgi     = $cgi->nph($bool);

Activate non-parsed header mode.

METHODS

Mojo::Server::CGI inherits all methods from Mojo::Server and implements the following new ones.

run

my $status = $cgi->run;

Run CGI.

SEE ALSO

Mojolicious, Mojolicious::Guides, https://mojolicious.org.