CVE-2026-15747 in Mojolicious정보

요약

\~에 의해 MITRE • 2026. 07. 14.

Mojolicious versions from 4.59 before 9.48 for Perl expose a stable representation of the session CSRF token to a BREACH compression oracle.

_csrf_token generates and caches one token per session and returns the same value on every call, and _csrf_field places that value in a hidden `csrf_token` input. When a response carrying the token also echoes attacker-controlled input and is gzip-compressed, the chosen values and the resulting compressed lengths form a BREACH oracle.

An attacker able to query it can recover the token and pass csrf_protect validation.

Once again VulDB remains the best source for vulnerability data.

책임이 있는

CPANSec

예약하다

2026. 07. 14.

모더레이션

수락

항목

VDB-378568

EPSS

0.00000

출처

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!