Security Advisories (13)

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

https://github.com/mojolicious/mojo/pull/1791

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

NAME

MojoX::Routes::Pattern - Routes Pattern

SYNOPSIS

use MojoX::Routes::Pattern;

# New pattern object
my $pattern = MojoX::Routes::Pattern->new;

DESCRIPTION

MojoX::Routes::Pattern is a container for routes pattern which are used to match paths against.

ATTRIBUTES

MojoX::Routes::Pattern implements the following attributes.

`defaults`

my $defaults = $pattern->defaults;
$pattern     = $pattern->defaults({foo => 'bar'});

Default parameters.

`pattern`

my $pattern = $pattern->pattern;
$pattern    = $pattern->pattern('/(foo)/(bar)');

Raw unparsed pattern.

`quote_end`

my $quote = $pattern->quote_end;
$pattern  = $pattern->quote_end(']');

Character indicating the end of a quoted placeholder, defaults to ).

`quote_start`

my $quote = $pattern->quote_start;
$pattern  = $pattern->quote_start('[');

Character indicating the start of a quoted placeholder, defaults to (.

`regex`

my $regex = $pattern->regex;
$pattern  = $pattern->regex(qr/\/foo/);

Pattern in compiled regex form.

`relaxed_start`

my $relaxed = $pattern->relaxed_start;
$pattern    = $pattern->relaxed_start('*');

Character indicating a relaxed placeholder, defaults to ..

`reqs`

my $reqs = $pattern->reqs;
$pattern = $pattern->reqs({foo => qr/\w+/});

Regex constraints.

`symbol_start`

my $symbol = $pattern->symbol_start;
$pattern   = $pattern->symbol_start(':');

Character indicating a placeholder, defaults to :.

`symbols`

my $symbols = $pattern->symbols;
$pattern    = $pattern->symbols(['foo', 'bar']);

Placeholder names.

`tree`

my $tree = $pattern->tree;
$pattern = $pattern->tree([ ... ]);

Pattern in parsed form.

`wildcard_start`

my $wildcard = $pattern->wildcard_start;
$pattern     = $pattern->wildcard_start('*');

Character indicating the start of a wildcard placeholder, defaults to *.

METHODS

MojoX::Routes::Pattern inherits all methods from Mojo::Base and implements the follwing the ones.

`new`

my $pattern = MojoX::Routes::Pattern->new('/(controller)/(action)',
    action => qr/\w+/
);

Construct a new pattern object.

`match`

my $result = $pattern->match('/foo/bar');

Match pattern against a path.

`parse`

$pattern = $pattern->parse('/(controller)/(action)', action => qr/\w+/);

Parse a raw pattern.

`render`

my $path = $pattern->render({action => 'foo'});

Render pattern into a path with paramters.

`shape_match`

my $result = $pattern->shape_match(\$path);

Match pattern against a path and remove matching parts.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

ATTRIBUTES

defaults

pattern

quote_end

quote_start

regex

relaxed_start

reqs

symbol_start

symbols

tree

wildcard_start