Home

Description

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

PUBLISHED Reserved 2026-06-09 | Published 2026-06-15 | Updated 2026-06-16 | Assigner CPANSec

Problem types

CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Product status

Default status
unaffected

Any version before 0.22
affected

References

metacpan.org/...IAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes release-notes

www.cve.org/CVERecord?id=CVE-2025-22376 related

datatracker.ietf.org/doc/html/rfc5849

datatracker.ietf.org/doc/html/rfc5849

cve.org (CVE-2026-11832)

nvd.nist.gov (CVE-2026-11832)

Download JSON