CVE-2018-25100

Published: 24 March 2024

The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

Priority

Status

Package	Release	Status
libmojolicious-perl Launchpad, Ubuntu, Debian	bionic	Needs triage
	focal	Not vulnerable (8.33+dfsg-1)
	jammy	Not vulnerable
	mantic	Not vulnerable
	upstream	Released (7.71+dfsg-1)
	xenial	Needs triage
	Patches: upstream: https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149

References

https://github.com/mojolicious/mojo/pull/1192
https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149 (v7.66)
https://metacpan.org/dist/Mojolicious/changes
https://www.cve.org/CVERecord?id=CVE-2018-25100
NVD
Launchpad
Debian

Bugs

https://github.com/mojolicious/mojo/issues/1185

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›