Security Advisories (8)

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

https://github.com/mojolicious/mojo/pull/1791

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CVE-2020-36829 (2020-11-10)

Mojo::Util secure_compare can leak the string length. By immediately returning when the two strings are not the same length, the function allows an attacker to guess the length of the secret string using timing attacks.

https://github.com/mojolicious/mojo/pull/1601

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2024-58134 (2025-05-03)

Mojolicious versions from 0.999922 for Perl uses a hard coded string, or the application's class name, as a HMAC session secret by default. These predictable default secrets can be exploited to forge session cookies. An attacker who knows or guesses the secret could compute valid HMAC signatures for the session cookie, allowing them to tamper with or hijack another user's session.

NAME

Mojolicious::Guides - Mojolicious guide to the galaxy

DON'T PANIC!

We are constantly working on new documentation, follow us on GitHub or join the official IRC channel #mojo on irc.perl.org to get all the latest updates.

BASICS

Learning Perl: If you are new to Perl, we recommend Learn Perl in 2 hours 30 minutes for a quick introduction, or the Modern Perl book, freely available in many formats. Both are excellent introductions to the language. For more books and documentation, check out learn.perl.org.
Learning Web Technologies: All web development starts with HTML, CSS and JavaScript, to learn the basics we recommend the Mozilla Developer Network. And if you want to know more about how browsers and web servers actually communicate, there's also a very nice introduction to HTTP.

TUTORIAL

Mojolicious::Guides::Tutorial: A fast and fun way to get started developing web applications with Mojolicious. The tutorial introduces the Mojolicious::Lite micro web framework, which is only a thin wrapper around the full web framework. The simplified notation introduced in the tutorial is commonly used throughout the guides and is therefore considered a prerequisite, you should definitely take a look!

GUIDES

Mojolicious::Guides::Growing: Starting a Mojolicious::Lite prototype from scratch and growing it into a well-structured Mojolicious application.
Mojolicious::Guides::Routing: Simple and fun introduction to the Mojolicious router.
Mojolicious::Guides::Rendering: Generating content with the Mojolicious renderer.
Mojolicious::Guides::Cookbook: Cooking with Mojolicious, recipes for every taste.
Mojolicious::Guides::Contributing: Become a part of the ongoing Mojolicious development.
Mojolicious::Guides::FAQ: Answers to the most frequently asked questions.

HIGHLIGHTS

Mojolicious and Mojolicious::Lite are the sum of many parts, small building blocks that can be used independently, these are the most prominent ones.

Mojo::UserAgent: Full featured non-blocking I/O HTTP and WebSocket user agent.
Mojo::DOM: Very fun and minimalistic HTML/XML DOM parser with CSS selector support.
Mojo::JSON: Minimalistic JSON implementation that just works.
Mojo::Server::Daemon: Full featured, highly portable non-blocking I/O HTTP and WebSocket server, with self-restart support through Mojo::Server::Morbo, perfect for development and testing.
Mojo::Server::Prefork: Full featured, UNIX optimized, preforking non-blocking I/O HTTP and WebSocket server with support for zero downtime software upgrades (hot deployment) through Mojo::Server::Hypnotoad.
Mojo::Server::CGI, Mojo::Server::PSGI: Transparent CGI and PSGI support out of the box.
Mojo::IOLoop: A minimalistic event loop with support for multiple reactor backends.
Mojo::Template: Very Perl-ish and minimalistic template system.
Test::Mojo: Testing toolkit for web applications.
ojo: Fun one-liners using everything above.

SPIN-OFFS

These modules are not part of the Mojolicious distribution, but have been designed to be used with it and are being developed under the same umbrella.

Mojo::Pg: A tiny wrapper around DBD::Pg that makes PostgreSQL a lot of fun to use with Mojolicious.
Minion: A job queue for Mojolicious with support for multiple backends.

REFERENCE

This is the class hierarchy of the Mojolicious distribution.

A lot more documentation and examples by many different authors can be found in the Mojolicious wiki.

SUPPORT

If you have any questions the documentation might not yet answer, don't hesitate to ask on the mailing-list or the official IRC channel #mojo on irc.perl.org.

To install Mojolicious, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Mojolicious

CPAN shell

perl -MCPAN -e shell
install Mojolicious

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)