Security Advisories (12)

CPANSA-Mojolicious-2022-03 (2022-12-10)

Mojo::DOM did not correctly parse <script> tags.

CPANSA-Mojolicious-2021-02 (2021-06-01)

Small sessions could be used as part of a brute-force attack to decode the session secret.

https://github.com/mojolicious/mojo/pull/1791

CVE-2021-47208 (2021-03-16)

A bug in format detection can potentially be exploited for a DoS attack.

CPANSA-Mojolicious-2018-03 (2018-05-19)

Mojo::UserAgent was not checking peer SSL certificates by default.

CPANSA-Mojolicious-2018-02 (2018-05-11)

GET requests with embedded backslashes can be used to access local files on Windows hosts

CVE-2018-25100 (2018-02-13)

Mojo::UserAgent::CookieJar leaks old cookies because of the missing host_only flag on empty domain.

CPANSA-Mojolicious-2015-01 (2015-02-02)

Directory traversal on Windows

CPANSA-Mojolicious-2014-01 (2014-10-07)

Context sensitivity of method param could lead to parameter injection attacks.

https://github.com/mojolicious/mojo/commit/a815d4797145f872ef6e9f1270841eda1d410afb

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability in Path.pm in Mojolicious before 1.16 allows remote attackers to read arbitrary files via a %2f..%2f (encoded slash dot dot slash) in a URI.

CVE-2010-4803 (2011-05-03)

Mojolicious before 0.999927 does not properly implement HMAC-MD5 checksums, which has unspecified impact and remote attack vectors.

CVE-2010-4802 (2011-05-03)

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

CVE-2011-1841 (2011-03-10)

Cross-site scripting (XSS) vulnerability in the link_to helper in Mojolicious before 1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

NAME

Mojo::JSON - Minimalistic JSON

SYNOPSIS

use Mojo::JSON;

my $json   = Mojo::JSON->new;
my $string = $json->encode({foo => [1, 2], bar => 'hello!'});
my $hash   = $json->decode('{"foo": [3, -2, 1]}');

DESCRIPTION

Mojo::JSON is a minimalistic implementation of RFC4627.

It supports normal Perl data types like Scalar, Array and Hash, but not blessed references.

[1, -2, 3]     -> [1, -2, 3]
{"foo": "bar"} -> {foo => 'bar'}

Literal names will be translated to and from Mojo::JSON constants or a similar native Perl value.

true  -> Mojo::JSON->true
false -> Mojo::JSON->false
null  -> undef

Decoding UTF-16 (LE/BE) and UTF-32 (LE/BE) will be handled transparently, encoding will only generate UTF-8.

ATTRIBUTES

Mojo::JSON implements the following attributes.

`error`

my $error = $json->error;
$json     = $json->error('Oops!');

METHODS

Mojo::JSON inherits all methods from Mojo::Base and implements the following new ones.

`decode`

my $array = $json->decode('[1, 2, 3]');
my $hash  = $json->decode('{"foo": "bar"}');

`encode`

my $string = $json->encode({foo => 'bar'});

`false`

my $false = Mojo::JSON->false;
my $false = $json->false;

`true`

my $true = Mojo::JSON->true;
my $true = $json->true;

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

ATTRIBUTES

error

METHODS

decode

encode

false

true

SEE ALSO

Module Install Instructions

Keyboard Shortcuts

`error`

`decode`

`encode`

`false`

`true`