Security Advisories (3)

CVE-2026-5080 (2026-04-30)

Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems.

CVE-2012-5572 (2014-05-30)

CRLF injection vulnerability in the cookie method allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a cookie name.

CVE-2011-1589 (2011-04-05)

Directory traversal vulnerability (Mojolicious report, but Dancer was vulnerable as well).

NAME

Dancer::Response - Response object for Dancer

SYNOPSIS

# create a new response object
Dancer::Response->new(
    status => 200,
    content => 'this is my content'
);

Dancer::SharedData->response->status; # 200

# fetch current response object
my $response = Dancer::SharedData->response;

# fetch the current status
$response->status; # 200

# change the status
$response->status(500);

PUBLIC API

new

Dancer::Response->new(
    status  => 200,
    content => 'my content',
    headers => HTTP::Headers->new(...),
);

create and return a new Dancer::Response object

current

my $response = Dancer::SharedData->response->current();

return the current Dancer::Response object, and reset the object

exists

if ($response->exists) {
    ...
}

test if the Dancer::Response object exists

content

# get the content
my $content = $response->content;
my $content = Dancer::SharedData->response->content;

# set the content
$response->content('my new content');
Dancer::SharedData->response->content('my new content');

set or get the content of the current response object

status

# get the status
my $status = $response->status;
my $status = Dancer::SharedData->response->status;

# set the status
$response->status(201);
Dancer::SharedData->response->status(201);

set or get the status of the current response object

content_type

# get the status
my $ct = $response->content_type;
my $ct = Dancer::SharedData->response->content_type;

# set the status
$response->content_type('application/json');
Dancer::SharedData->response->content_type('application/json');

set or get the status of the current response object

pass

$response->pass;
Dancer::SharedData->response->pass;

set the pass value to one for this response

has_passed

if ($response->has_passed) {
    ...
}

if (Dancer::SharedData->response->has_passed) {
    ...
}

test if the pass value is set to true

halt

Dancer::SharedData->response->halt();
$response->halt;

halted

if (Dancer::SharedData->response->halted) {
   ...
}

if ($response->halted) {
    ...
}

# set the header
$response->header('X-Foo' => 'bar');
Dancer::SharedData->response->header('X-Foo' => 'bar');

# get the header
my $header = $response->header('X-Foo');
my $header = Dancer::SharedData->response->header('X-Foo');

get or set the value of a header

headers

$response->headers(HTTP::Headers->new(...));
Dancer::SharedData->response->headers(HTTP::Headers->new(...));

return the list of headers for the current response

headers_to_array

my $headers_psgi = $response->headers_to_array();
my $headers_psgi = Dancer::SharedData->response->headers_to_array();

this method is called before returning a PSGI response. It transforms the list of headers to an array reference.

To install Dancer, copy and paste the appropriate command in to your terminal.

cpanm

cpanm Dancer

CPAN shell

perl -MCPAN -e shell
install Dancer

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)