CVE-2018-25100

MEDIUM

Mojolicious <7.66 - Info Disclosure

Title source: llm

Description

The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

References (4)

Core 4

Core References

Various Sources

https://metacpan.org/dist/Mojolicious/changes

Patch

https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149

View Patch ZIP pw:eip

Issue Tracking

https://github.com/mojolicious/mojo/issues/1185

Issue Tracking

https://github.com/mojolicious/mojo/pull/1192

Scores

CVSS v3 5.3

EPSS 0.0056

EPSS Percentile 42.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-400

Status published

Published Mar 24, 2024

Tracked Since Feb 18, 2026