Security Advisories (10)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on an empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts.

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl use a hard-coded string, or the application's class name, as an HMAC session cookie secret by default. These predictable default secrets can be exploited by an attacker to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user’s session.

NAME

Mojolicious::Guides - Mojolicious guide to the galaxy

DON'T PANIC!

We are constantly working on new documentation. Follow us on Twitter or GitHub, or join the official IRC channel #mojo on irc.perl.org to get all the latest updates.

LEARNING PERL

If you are new to Perl, we recommend Learn Perl in 2 hours 30 minutes for a quick introduction, or the Modern Perl book, freely available in many formats. Both are excellent introductions to the language. For more books and documentation, check out learn.perl.org.

TUTORIAL

Mojolicious::Lite

A really fast and fun way to get started developing web applications with Mojolicious is the Mojolicious::Lite tutorial. Almost everything you learn there can also be applied to normal Mojolicious applications and is considered a prerequisite for the guides. You should definitely take a look!

GUIDES

Mojolicious::Guides::Growing

Starting a Mojolicious::Lite prototype from scratch and growing it into a well-structured Mojolicious application.

Mojolicious::Guides::Routing

Simple and fun introduction to the Mojolicious router.

Mojolicious::Guides::Rendering

Generating content with the Mojolicious renderer.

Mojolicious::Guides::Cookbook

Cooking with Mojolicious, recipes for every taste.

Mojolicious::Guides::FAQ

Frequently asked questions with the right answers.

Mojolicious::Guides::CodingGuidelines

Coding guidelines and mission statement. A must read for developers and contributors!

HIGHLIGHTS

Mojolicious and Mojolicious::Lite are the sum of many parts, small building blocks that can be used independently. These are the most prominent ones.

Mojo::UserAgent

Full-featured non-blocking I/O HTTP 1.1 and WebSocket user agent.

Mojo::DOM

Very fun and minimalistic HTML5/XML DOM parser with CSS3 selector support.

Mojo::JSON

Minimalistic JSON implementation that just works.

Mojo::Server::Daemon

Highly portable non-blocking I/O HTTP 1.1 and WebSocket server with self-restart support through Mojo::Server::Morbo, perfect for development and testing.

Mojo::Server::Hypnotoad

Full-featured, UNIX-optimized preforking non-blocking I/O HTTP 1.1 and WebSocket server with support for zero-downtime software upgrades (hot deployment).

Mojo::Server::CGI, Mojo::Server::PSGI

Transparent CGI and PSGI support out of the box.

Mojo::Template

Very Perl-ish and minimalistic template system.

Mojo::ByteStream

Countless portable and very convenient bytestream manipulation methods.

Mojolicious::Commands

Pluggable command line system and the backbone of the mojo script.

Test::Mojo

Test driven development toolkit for web applications.

ojo

Fun one-liners using everything above.

MORE

A lot more documentation and examples by many different authors can be found in the Mojolicious wiki at http://github.com/kraih/mojo/wiki.