Security Advisories (13)
CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-03-10)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

CVE-2026-14803 (2026-07-06)

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory. This path is the default when Cpanel::JSON::XS is not installed or `MOJO_NO_JSON_XS=1` is set; the Cpanel::JSON::XS fast path is not affected. Any caller that decodes an untrusted JSON body, for example `Mojo::Message::json` reached through `$c->req->json`, can exhaust process memory and cause denial of service.

NAME

Mojo::Log - Simple Logger For Mojo

SYNOPSIS

use Mojo::Log;

# Create a logging object that will log to STDERR by default
my $log = Mojo::Log->new;

# Customize the log location and minimum log level
my $log = Mojo::Log->new(
    path  => '/var/log/mojo.log',
    level => 'warn',
);

$log->debug("Why isn't this working?");
$log->info("FYI: it happened again");
$log->warn("This might be a problem");
$log->error("Garden variety error");
$log->fatal("Boom!");

DESCRIPTION

Mojo::Log is a simple logger for Mojo projects.

ATTRIBUTES

Mojo::Log implements the following attributes.

handle

my $handle = $log->handle;
$log       = $log->handle(IO::File->new);

level

my $level = $log->level;
$log      = $log->level('debug');

path

my $path = $log->path
$log     = $log->path('/var/log/mojo.log');

METHODS

Mojo::Log inherits all methods from Mojo::Base and implements the following new ones.

debug

$log = $log->debug('You screwed up, but thats ok');

error

$log = $log->error('You really screwed up this time');

fatal

$log = $log->fatal('Its over...');

info

$log = $log->info('You are bad, but you prolly know already');

is_level

my $is = $log->is_level('debug');

is_debug

my $is = $log->is_debug;

is_error

my $is = $log->is_error;

is_fatal

my $is = $log->is_fatal;

is_info

my $is = $log->is_info;

is_warn

my $is = $log->is_warn;

log

$log = $log->log(debug => 'This should work');

warn

$log = $log->warn('Dont do that Dave...');

SEE ALSO

Mojolicious, Mojolicious::Book, http://mojolicious.org.