GHSA-h3g4-wmrw-rm63CriticalCVSS 9.1
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The...
🔗 CVE IDs covered (1)
📋 Description
Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.
The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-11832
- https://datatracker.ietf.org/doc/html/rfc5849#section-3.3
- https://datatracker.ietf.org/doc/html/rfc5849#section-4.9
- https://metacpan.org/release/BIAFRA/Dancer2-Plugin-Auth-OAuth-0.22/changes
- https://www.cve.org/CVERecord?id=CVE-2025-22376
- https://github.com/advisories/GHSA-h3g4-wmrw-rm63