{"id":"CVE-2020-36829","details":"The Mojolicious module before 8.65 for Perl is vulnerable to secure_compare timing attacks that allow an attacker to guess the length of a secret string. Only versions after 1.74 are affected.","modified":"2026-04-12T00:01:08.696434Z","published":"2024-04-08T00:15:07.840Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/06/msg00025.html"},{"type":"REPORT","url":"https://github.com/mojolicious/mojo/issues/1599"},{"type":"FIX","url":"https://github.com/mojolicious/mojo/pull/1601"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mojolicious/mojo","events":[{"introduced":"0"},{"fixed":"1308d0a66a7aadeafeaec0a87627de8ad1e367e7"}],"database_specific":{"source":"DESCRIPTION","extracted_events":[{"introduced":"0"},{"fixed":"8.65"}]}}],"versions":["v0.999920","v0.999921","v0.999922","v0.999923","v0.999924","v0.999925","v0.999926","v0.999927","v0.999928","v0.999929","v0.999930","v0.999931","v0.999932","v0.999933","v0.999934","v0.999935","v0.999936","v0.999937","v0.999938","v0.999939","v0.999940","v0.999941","v0.999950","v1.0","v1.01","v1.1","v1.11","v1.12","v1.13","v1.14","v1.15","v1.17","v1.18","v1.19","v1.20","v1.21","v1.22","v1.3","v1.31","v1.32","v1.33","v1.34","v1.4","v1.41","v1.42","v1.43","v1.44","v1.45","v1.46","v1.47","v1.48","v1.49","v1.50","v1.51","v1.52","v1.53","v1.54","v1.55","v1.56","v1.57","v1.58","v1.59","v1.60","v1.61","v1.62","v1.63","v1.64","v1.65","v1.66","v1.67","v1.68","v1.69","v1.70","v1.71","v1.72","v1.73","v1.74","v1.75","v1.76","v1.77","v1.78","v1.79","v1.80","v1.81","v1.82","v1.83","v1.84","v1.85","v1.86","v1.87","v1.88","v1.89","v1.90","v1.91","v1.92","v1.93","v1.94","v1.95","v1.96","v1.97","v1.98","v1.99","v2.0","v2.01","v2.02","v2.03","v2.04","v2.05","v2.06","v2.07","v2.08","v2.09","v2.10","v2.11","v2.12","v2.13","v2.14","v2.15","v2.16","v2.17","v2.18","v2.19","v2.20","v2.21","v2.22","v2.23","v2.24","v2.25","v2.26","v2.27","v2.28","v2.29","v2.30","v2.31","v2.32","v2.33","v2.34","v2.35","v2.36","v2.37","v2.38","v2.39","v2.40","v2.41","v2.42","v2.43","v2.44","v2.45","v2.46","v2.47","v2.48","v2.49","v2.50","v2.51","v2.52","v2.53","v2.54","v2.55","v2.56","v2.57","v2.58","v2.59","v2.60","v2.61","v2.62","v2.63","v2.64","v2.65","v2.66","v2.67","v2.68","v2.69","v2.70","v2.71","v2.72","v2.73","v2.74","v2.75","v2.76","v2.77","v2.78","v2.79","v2.80","v2.81","v2.82","v2.83","v2.84","v2.85","v2.86","v2.87","v2.88","v2.89","v2.90","v2.91","v2.92","v2.93","v2.94","v2.95","v2.96","v2.97","v2.98","v3.0","v3.01","v3.02","v3.03","v3.04","v3.05","v3.06","v3.07","v3.08","v3.09","v3.10","v3.11","v3.12","v3.13","v3.14","v3.15","v3.16","v3.17","v3.18","v3.19","v3.20","v3.21","v3.22","v3.23","v3.24","v3.25","v3.26","v3.27","v3.28","v3.29","v3.30","v3.31","v3.32","v3.33","v3.34","v3.35","v3.36","v3.37","v3.38","v3.39","v3.40","v3.41","v3.42","v3.43","v3.44","v3.45","v3.46","v3.47","v3.48","v3.49","v3.50","v3.51","v3.52","v3.53","v3.54","v3.55","v3.56","v3.57","v3.58","v3.59","v3.60","v3.61","v3.62","v3.63","v3.64","v3.65","v3.66","v3.67","v3.68","v3.69","v3.70","v3.71","v3.72","v3.73","v3.74","v3.75","v3.76","v3.77","v3.78","v3.79","v3.80","v3.81","v3.82","v3.83","v3.84","v3.85","v3.86","v3.87","v3.88","v3.89","v3.90","v3.91","v3.92","v3.93","v3.94","v3.95","v3.96","v3.97","v4.0","v4.01","v4.02","v4.03","v4.04","v4.05","v4.06","v4.07","v4.08","v4.09","v4.10","v4.11","v4.12","v4.13","v4.14","v4.15","v4.16","v4.17","v4.18","v4.19","v4.20","v4.21","v4.22","v4.23","v4.24","v4.25","v4.26","v4.27","v4.28","v4.29","v4.30","v4.31","v4.32","v4.33","v4.34","v4.35","v4.36","v4.37","v4.38","v4.39","v4.40","v4.41","v4.42","v4.43","v4.44","v4.45","v4.46","v4.47","v4.48","v4.49","v4.50","v4.51","v4.52","v4.53","v4.54","v4.55","v4.56","v4.57","v4.58","v4.59","v4.60","v4.61","v4.62","v4.63","v4.64","v4.65","v4.66","v4.67","v4.68","v4.69","v4.70","v4.71","v4.72","v4.73","v4.74","v4.75","v4.76","v4.77","v4.78","v4.79","v4.80","v4.81","v4.82","v4.83","v4.84","v4.85","v4.86","v4.87","v4.88","v4.89","v4.90","v4.91","v4.92","v4.93","v4.94","v4.95","v4.96","v4.97","v4.98","v4.99","v5.0","v5.01","v5.02","v5.03","v5.04","v5.05","v5.06","v5.07","v5.08","v5.09","v5.10","v5.11","v5.12","v5.13","v5.14","v5.15","v5.16","v5.17","v5.18","v5.19","v5.20","v5.21","v5.22","v5.23","v5.24","v5.25","v5.26","v5.27","v5.28","v5.29","v5.30","v5.31","v5.32","v5.33","v5.34","v5.35","v5.36","v5.37","v5.38","v5.39","v5.40","v5.41","v5.42","v5.43","v5.44","v5.45","v5.46","v5.47","v5.48","v5.49","v5.50","v5.51","v5.52","v5.53","v5.54","v5.55","v5.56","v5.57","v5.58","v5.59","v5.60","v5.61","v5.62","v5.63","v5.64","v5.65","v5.66","v5.67","v5.68","v5.69","v5.70","v5.71","v5.72","v5.73","v5.74","v5.75","v5.76","v5.77","v5.78","v5.79","v5.80","v5.81","v5.82","v6.0","v6.01","v6.02","v6.03","v6.04","v6.05","v6.06","v6.07","v6.08","v6.09","v6.10","v6.11","v6.12","v6.13","v6.14","v6.15","v6.16","v6.17","v6.18","v6.19","v6.20","v6.21","v6.22","v6.23","v6.24","v6.25","v6.26","v6.27","v6.28","v6.29","v6.30","v6.31","v6.32","v6.33","v6.34","v6.35","v6.36","v6.37","v6.38","v6.39","v6.40","v6.41","v6.42","v6.43","v6.44","v6.45","v6.46","v6.47","v6.48","v6.49","v6.50","v6.51","v6.52","v6.53","v6.54","v6.55","v6.56","v6.57","v6.58","v6.59","v6.60","v6.61","v6.62","v6.63","v6.64","v6.65","v6.66","v7.0","v7.01","v7.02","v7.03","v7.04","v7.05","v7.06","v7.07","v7.08","v7.09","v7.10","v7.11","v7.12","v7.13","v7.14","v7.15","v7.16","v7.17","v7.18","v7.19","v7.20","v7.21","v7.22","v7.23","v7.24","v7.25","v7.26","v7.27","v7.28","v7.29","v7.30","v7.31","v7.32","v7.33","v7.34","v7.35","v7.36","v7.37","v7.38","v7.39","v7.40","v7.41","v7.42","v7.43","v7.44","v7.45","v7.46","v7.47","v7.48","v7.49","v7.50","v7.51","v7.52","v7.53","v7.54","v7.55","v7.56","v7.57","v7.58","v7.59","v7.60","v7.61","v7.62","v7.63","v7.64","v7.65","v7.66","v7.67","v7.68","v7.69","v7.70","v7.71","v7.72","v7.73","v7.74","v7.75","v7.76","v7.77","v7.78","v7.79","v7.80","v7.81","v7.82","v7.83","v7.84","v7.85","v7.86","v7.87","v7.88","v7.89","v7.90","v7.91","v7.92","v7.93","v7.94","v8.0","v8.01","v8.02","v8.03","v8.04","v8.05","v8.06","v8.07","v8.08","v8.09","v8.10","v8.11","v8.12","v8.13","v8.14","v8.15","v8.16","v8.17","v8.18","v8.19","v8.20","v8.21","v8.22","v8.23","v8.24","v8.25","v8.26","v8.27","v8.28","v8.29","v8.30","v8.31","v8.32","v8.33","v8.34","v8.35","v8.36","v8.37","v8.38","v8.39","v8.40","v8.41","v8.42","v8.50","v8.51","v8.52","v8.53","v8.54","v8.55","v8.56","v8.57","v8.58","v8.59","v8.60","v8.61","v8.62","v8.63","v8.64"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36829.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}