Security Advisories (3)
CVE-2026-5080 (2026-04-30)

Dancer::Session::Abstract versions through 1.3522 for Perl generate session ids insecurely. The session id is generated by summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32 bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.
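
A mitigation sketch for the weakness described in CVE-2026-5080, added here as an example and not taken from Dancer's own code: session ids are read from the kernel CSPRNG instead of being derived from the path, pid, time and rand(). The sub names, the use of /dev/urandom (Unix-like hosts), the 32-byte id length and the sample pid and time figures are assumptions.

```perl
use strict;
use warnings;

# Added example, not Dancer code. Assumes a Unix-like host with /dev/urandom;
# all sub names here are hypothetical.
sub csprng_session_id {
    my ($nbytes) = @_;
    $nbytes //= 32;                          # 32 bytes = 256 bits
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {         # read() may return fewer bytes
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom"    unless $got;
    }
    close $fh;
    return unpack('H*', $buf);               # lowercase hex, 2 chars per byte
}

# Accept only ids of exactly the shape issued above, so that anything else
# in a cookie is rejected before the session store is consulted.
sub is_wellformed_id {
    my ($id, $nbytes) = @_;
    $nbytes //= 32;
    my $len = 2 * $nbytes;
    return (defined($id) && $id =~ /\A[0-9a-f]{$len}\z/) ? 1 : 0;
}

# Rough size, in bits, of the unknowns in the scheme the advisory describes
# once the path is known: pid choices x timestamp window x the 32-bit rand()
# seed. It ignores how far into the rand() stream the process is.
sub weak_scheme_bits {
    my ($pid_space, $time_window_s) = @_;
    return (log($pid_space) + log($time_window_s)) / log(2) + 32;
}

unless (caller) {
    my $id = csprng_session_id();
    printf "new id (%d hex chars): %s\n", length($id), $id;
    printf "issued id accepted:    %d\n", is_wellformed_id($id);
    # Constructed sample: a digits-only id of the wrong length is rejected.
    printf "foreign id accepted:   %d\n", is_wellformed_id('123456789012' x 3);
    # Constructed figures: 32768 possible pids, clock known to within 60 s.
    printf "weak scheme: about %.1f bits; CSPRNG id: %d bits\n",
        weak_scheme_bits(32768, 60), 32 * 8;
}
```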

CVE-2012-5572 (2014-05-30)

CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).

NAME

Dancer::Plugins - interesting plugins to add to Dancer's capabilities

DESCRIPTION

Dancer aims to keep the core as small as possible, but there are a growing number of useful plugins to add helpful features.

This document provides a quick summary of some recommended plugins.

PLUGINS

Dancer::Plugin::Database

Provides easy database access via DBI, reading the DB connection details from your app's config file, and taking care of ensuring the connection is still valid and reconnecting if not (useful in persistent environments). Just calling the database keyword gives you a connected and working database handle.

Dancer::Plugin::Email

Provides easy email-sending powered by Email::Send - simply call the email keyword. Email sending settings can be taken from your app's config.

Dancer::Plugin::REST

Makes writing RESTful web services easy.

Dancer::Plugin::SiteMap

Automatically provides site maps (as an HTML page, or as an XML sitemap ready for Google) based on the routes your app defines.

Dancer::Plugin::Validation

Easy data validation powered by Oogly.

More plugins are appearing on CPAN all the time - just search for Dancer::Plugin to see what may have been released since this document was last updated!