/ 
Dancer-1.175
Security Advisories (3)
CVE-2026-5080 (2026-04-30)

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

CVE-2012-5572 (2014-05-30)

CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).

Documentation

Dancer::Cookbook
a quick-start guide to the Dancer web framework
Dancer::Deployment
common ways to put your Dancer app into use
dancer
helper script to create new Dancer applications

Modules

Dancer
Lightweight yet powerful web application framework
Dancer::Config
Setting registry for Dancer
Dancer::Engine
Base class for Dancer engines
Dancer::Error
Objects representing fatal errors
Dancer::HTTP
Helper for rendering HTTP status codes for Dancer
Dancer::Logger
Common interface for logging in Dancer
Dancer::ModuleLoader
dynamic module loading helpers for Dancer core components
Dancer::Plugin
Dancer::Request
Interface for accessing incoming requests
Dancer::Request::Upload
handles file uploads requests
Dancer::Route::Cache
route caching mechanism for Dancer
Dancer::Serializer
serializer support in Dancer
Dancer::Serializer::JSON
Dancer::Serializer::Mutable
Dancer::Serializer::YAML
Dancer::Session
session engine for the Dancer framework
Dancer::Session::Abstract
Abstract class for session engine
Dancer::Session::Simple
Simple in-memory session backend for Dancer
Dancer::Session::YAML
YAML-file-based session backend for Dancer
Dancer::Template
template support in Dancer
Dancer::Template::Abstract
abstract class for Dancer's template engines
Dancer::Template::Simple
a pure Perl 5 template engine for Dancer
Dancer::Template::TemplateToolkit
Template Toolkit wrapper for Dancer

Provides

Dancer::Cookie
in lib/Dancer/Cookie.pm
Dancer::Cookies
in lib/Dancer/Cookies.pm
Dancer::FileUtils
in lib/Dancer/FileUtils.pm
Dancer::GetOpt
in lib/Dancer/GetOpt.pm
Dancer::Handler
in lib/Dancer/Handler.pm
Dancer::Handler::PSGI
in lib/Dancer/Handler/PSGI.pm
Dancer::Handler::Standalone
in lib/Dancer/Handler/Standalone.pm
Dancer::Helpers
in lib/Dancer/Helpers.pm
Dancer::Logger::Abstract
in lib/Dancer/Logger/Abstract.pm
Dancer::Logger::File
in lib/Dancer/Logger/File.pm
Dancer::Object
in lib/Dancer/Object.pm
Dancer::Renderer
in lib/Dancer/Renderer.pm
Dancer::Response
in lib/Dancer/Response.pm
Dancer::Route
in lib/Dancer/Route.pm
Dancer::Route::Builder
in lib/Dancer/Route/Builder.pm
Dancer::Route::Registry
in lib/Dancer/Route/Registry.pm
Dancer::Serializer::Abstract
in lib/Dancer/Serializer/Abstract.pm
Dancer::Serializer::Dumper
in lib/Dancer/Serializer/Dumper.pm
Dancer::Serializer::XML
in lib/Dancer/Serializer/XML.pm
Dancer::SharedData
in lib/Dancer/SharedData.pm

Other files