/ 
Mojolicious-0.999920
⭐ Starred 2674
/ Mojo::Server::Daemon::Prefork
Security Advisories (13)
CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

NAME

Mojo::Server::Daemon::Prefork - Preforking HTTP 1.1 And WebSocket Server

SYNOPSIS

use Mojo::Daemon::Prefork;

my $daemon = Mojo::Daemon::Prefork->new;
$daemon->port(8080);
$daemon->run;

DESCRIPTION

Mojo::Server::Daemon::Prefork is a full featured preforking HTTP 1.1 and WebSocket server using a dynamic worker pool with IPv6, TLS, epoll, kqueue, hot deployment, UNIX domain socket sharing and optional async io support.

Optional modules IO::KQueue, IO::Epoll, IO::Socket::INET6 and IO::Socket::SSL are supported transparently and used if installed.

ATTRIBUTES

Mojo::Server::Daemon::Prefork inherits all attributes from Mojo::Server::Daemon and implements the following new ones.

cleanup_interval

my $cleanup_interval = $daemon->cleanup_interval;
$daemon              = $daemon->cleanup_interval(15);

idle_timeout

my $idle_timeout = $daemon->idle_timeout;
$daemon          = $daemon->idle_timeout(30);

max_clients

my $max_clients = $daemon->max_clients;
$daemon         = $daemon->max_clients(1);

max_servers

my $max_servers = $daemon->max_servers;
$daemon         = $daemon->max_servers(100);

max_spare_servers

my $max_spare_servers = $daemon->max_spare_servers;
$daemon               = $daemon->max_spare_servers(10);

min_spare_servers

my $min_spare_servers = $daemon->min_spare_servers;
$daemon               = $daemon->min_spare_servers(5);

start_servers

my $start_servers = $daemon->start_servers;
$daemon           = $daemon->start_servers(5);

METHODS

Mojo::Server::Daemon::Prefork inherits all methods from Mojo::Server::Daemon and implements the following new ones.

accept_lock

my $lock = $daemon->accept_lock($blocking);

child

$daemon->child;

child_status

$daemon->child_status('idle');

daemonize

$daemon->daemonize;

parent

$daemon->parent;

run

$daemon->run;

SEE ALSO

Mojolicious, Mojolicious::Book, http://mojolicious.org.