GHSA-h3g4-wmrw-rm63CriticalCVSS 9.1

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce. The...

Published
June 16, 2026
Last Modified
June 16, 2026

🔗 CVE IDs covered (1)

📋 Description

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.

The default nonce was generated using an MD5 hash of the epoch time, which is predictable.

🔗 References (6)