Security Advisories (13)
CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of the param method could lead to parameter injection attacks.

CVE-2011-1841 (2011-03-10)

Mojolicious is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by link_to helper. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-05-03)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

NAME

Mojolicious::Book::Cheatsheet - Reference

OVERVIEW

This document contains a concise all-purpose reference.

ENVIRONMENT VARIABLES

Many parts of Mojolicious can be tuned with environment variables. Debug environment variables are excluded because they are for developer use only.

MOJO_APP

Decides which Mojolicious or Mojo application will be used. Should always contain a class name like MyApp.

MOJO_APP=MyApp

MOJO_CA_FILE

The path to the TLS certificate authority (CA) file. Should always contain a path like /etc/tls/cacerts.pem. Note that IO::Socket::SSL must be installed for TLS support.

MOJO_CA_FILE=/etc/tls/cacerts.pem

MOJO_CHUNK_SIZE

Chunk size in bytes used for IO operations. A bigger chunk size speeds up IO operations but will also use more memory.

MOJO_CHUNK_SIZE=1024

MOJO_EPOLL

Force epoll mainloop for IO operations. Note that IO::Epoll must be installed for epoll support.

MOJO_EPOLL=1

MOJO_HOME

Home directory for the Mojolicious application. Should always contain a path like /home/sri/myapp.

MOJO_HOME=/home/sri/myapp

MOJO_KQUEUE

Force kqueue mainloop for IO operations. Note that IO::KQueue must be installed for kqueue support.

MOJO_KQUEUE=1

MOJO_LOG_LEVEL

Log level for the Mojolicious application. Should contain a valid log level like debug or error.

MOJO_LOG_LEVEL=debug
MOJO_LOG_LEVEL=error

MOJO_MAX_LINE_SIZE

Maximum line size in bytes for HTTP message start lines and headers. Defaults to 10240.

MOJO_MAX_LINE_SIZE=2048

MOJO_MAX_MEMORY_SIZE

Maximum size in bytes for HTTP content to keep in memory. Bigger content will be written to temporary files. Defaults to 24576.

MOJO_MAX_MEMORY_SIZE=2048

MOJO_MAX_MESSAGE_SIZE

Maximum size in bytes for HTTP messages. Defaults to 524288.

MOJO_MAX_MESSAGE_SIZE=1024

MOJO_MODE

Run mode for the Mojolicious application. Should contain a valid mode like development or production.

MOJO_MODE=development
MOJO_MODE=production

MOJO_NO_IPV6

Disable IPv6 support. This might result in slightly better performance and less memory use. Note that IO::Socket::INET6 must be installed for IPv6 support.

MOJO_NO_IPV6=1

MOJO_NO_TLS

Disable TLS support. This might result in slightly better performance and less memory use. Note that IO::Socket::SSL must be installed for TLS support.

MOJO_NO_TLS=1

MOJO_POLL

Force poll mainloop for IO operations. This should only be used for testing, since other mainloops are generally faster and scale better.

MOJO_POLL=1

MOJO_RELOAD

Enable Mojolicious application reloading. Changes to your application will be detected automatically, so you don't have to restart the server manually.

MOJO_RELOAD=1

MOJO_REVERSE_PROXY

Enable reverse proxy support for the Mojolicious application.

MOJO_REVERSE_PROXY=1

MOJO_TEMPLATE_CLASS

Class the Mojolicious renderer should use to find DATA templates. Defaults to main.

MOJO_TEMPLATE_CLASS=MyApp

MOJO_TMPDIR

Directory for temporary files like huge uploads. By default a random platform-specific temporary directory will be used.

MOJO_TMPDIR=/tmp/mojo