Nixpkgs security tracker

Login with GitHub

Suggestions search

With package: perlPackages.Mojolicious

Found 1 matching suggestions

View:
Compact
Detailed
Published
Permalink CVE-2026-14803
6.5 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 4 hours ago by @LeSuisse Activity log
  • Created suggestion
  • @LeSuisse ignored
    22 packages
    • perlPackages.MojoliciousPluginI18N
    • perlPackages.MojoliciousPluginMail
    • perl5Packages.MojoliciousPluginI18N
    • perl5Packages.MojoliciousPluginMail
    • perlPackages.MojoliciousPluginStatus
    • perlPackages.MojoliciousPluginSyslog
    • perl5Packages.MojoliciousPluginStatus
    • perl5Packages.MojoliciousPluginSyslog
    • perlPackages.MojoliciousPluginOpenAPI
    • perlPackages.MojoliciousPluginWebpack
    • perl5Packages.MojoliciousPluginOpenAPI
    • perl5Packages.MojoliciousPluginWebpack
    • perlPackages.MojoliciousPluginGravatar
    • perl5Packages.MojoliciousPluginGravatar
    • perlPackages.MojoliciousPluginAssetPack
    • perl5Packages.MojoliciousPluginAssetPack
    • perlPackages.MojoliciousPluginRenderFile
    • perl5Packages.MojoliciousPluginRenderFile
    • perlPackages.MojoliciousPluginTextExceptions
    • perl5Packages.MojoliciousPluginTextExceptions
    • perlPackages.MojoliciousPluginTemplateToolkit
    • perl5Packages.MojoliciousPluginTemplateToolkit
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder

Mojo::JSON versions before 9.47 for Perl allow memory exhaustion via unbounded recursion in the pure-Perl decoder. The pure-Perl decode path (`_decode_value` dispatching to `_decode_array` and `_decode_object`) recurses with no depth limit, so a small deeply nested JSON document can consume excessive memory. This path is the default when Cpanel::JSON::XS is not installed or `MOJO_NO_JSON_XS=1` is set; the Cpanel::JSON::XS fast path is not affected. Any caller that decodes an untrusted JSON body, for example `Mojo::Message::json` reached through `$c->req->json`, can exhaust process memory and cause denial of service.

Affected products

Mojolicious
  • <9.47

Matching in nixpkgs

Ignored packages (22)

Package maintainers