VIR Vulnerability Intelligence Relay

CVE-2010-4802

critical
Published 2011-05-03 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
10.0

Description

Commands.pm in Mojolicious before 0.999928 does not properly perform CGI environment detection, which has unspecified impact and remote attack vectors.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
debian Debian Fixed 5 releases
VersionStatusFixed in
trixie Fixed 0.999929-1
sid Fixed 0.999929-1
forky Fixed 0.999929-1
bullseye Fixed 0.999929-1
bookworm Fixed 0.999929-1

Application impact
VendorProductVersionsFixed
mojoliciousmojolicious{"endIncluding":"0.999927"}
mojoliciousmojolicious0.2
mojoliciousmojolicious0.3
mojoliciousmojolicious0.4
mojoliciousmojolicious0.5
mojoliciousmojolicious0.6
mojoliciousmojolicious0.7
mojoliciousmojolicious0.8
mojoliciousmojolicious0.8.1
mojoliciousmojolicious0.8.2
mojoliciousmojolicious0.8.3
mojoliciousmojolicious0.8.4
mojoliciousmojolicious0.8.5
mojoliciousmojolicious0.9
mojoliciousmojolicious0.8006
mojoliciousmojolicious0.8007
mojoliciousmojolicious0.8008
mojoliciousmojolicious0.8009
mojoliciousmojolicious0.9001
mojoliciousmojolicious0.9002
mojoliciousmojolicious0.991231
mojoliciousmojolicious0.991232
mojoliciousmojolicious0.991233
mojoliciousmojolicious0.991234
mojoliciousmojolicious0.991235
mojoliciousmojolicious0.991236
mojoliciousmojolicious0.991237
mojoliciousmojolicious0.991238
mojoliciousmojolicious0.991239
mojoliciousmojolicious0.991240
mojoliciousmojolicious0.991241
mojoliciousmojolicious0.991242
mojoliciousmojolicious0.991243
mojoliciousmojolicious0.991244
mojoliciousmojolicious0.991245
mojoliciousmojolicious0.991246
mojoliciousmojolicious0.991250
mojoliciousmojolicious0.991251
mojoliciousmojolicious0.999901
mojoliciousmojolicious0.999902
mojoliciousmojolicious0.999903
mojoliciousmojolicious0.999904
mojoliciousmojolicious0.999905
mojoliciousmojolicious0.999906
mojoliciousmojolicious0.999907
mojoliciousmojolicious0.999908
mojoliciousmojolicious0.999909
mojoliciousmojolicious0.999910
mojoliciousmojolicious0.999911
mojoliciousmojolicious0.999912
mojoliciousmojolicious0.999913
mojoliciousmojolicious0.999914
mojoliciousmojolicious0.999920
mojoliciousmojolicious0.999921
mojoliciousmojolicious0.999922
mojoliciousmojolicious0.999923
mojoliciousmojolicious0.999924
mojoliciousmojolicious0.999925
mojoliciousmojolicious0.999926

References

CWEs

CWE-20

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.