CVE-2026-11832 PUBLISHED

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce

Assigner: CPANSec
Reserved: 09.06.2026 Published: 15.06.2026 Updated: 15.06.2026

Dancer2::Plugin::Auth::OAuth versions before 0.22 for Perl default to a predictable nonce.

The default nonce was generated using an MD5 hash of the epoch time, which is predictable.
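The weak pattern described above next to a CSPRNG-based replacement, with an audit check that flags logged nonces matching the MD5 of a nearby epoch second. This is an added example, not code from Dancer2::Plugin::Auth::OAuth. The function names, the hex encoding of the digest, the 300-second window, the sample log entries, and the use of `/dev/urandom` (Unix-like host) are all assumptions.

```perl
#!/usr/bin/env perl
# Added example; not the plugin's own code. All sub names are hypothetical.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern from the advisory: the nonce is a pure function of the clock.
# Assumption: hex digest of the integer epoch second.
sub weak_nonce {
    my ($epoch) = @_;
    $epoch = time() unless defined $epoch;
    return md5_hex($epoch);
}

# Replacement: 16 bytes from the OS CSPRNG, hex-encoded.
# Assumption: /dev/urandom is available on this host.
sub strong_nonce {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $buf = '';
    my $got = read($fh, $buf, 16);
    close($fh);
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack('H*', $buf);
}

# Audit check: returns the epoch second whose MD5 equals the logged nonce,
# searching +/- $skew seconds around the request time, or undef if none does.
sub time_derived_second {
    my ($nonce, $logged_at, $skew) = @_;
    for my $t ($logged_at - $skew .. $logged_at + $skew) {
        return $t if lc($nonce) eq md5_hex($t);
    }
    return;
}

# Constructed sample log entries: [request epoch, nonce seen in the request].
my @observed = (
    [1750000000, weak_nonce(1749999998)],
    [1750000000, strong_nonce()],
);
for my $entry (@observed) {
    my ($logged_at, $nonce) = @$entry;
    my $t = time_derived_second($nonce, $logged_at, 300);
    printf "%s  %s\n", $nonce,
        defined $t ? "TIME-DERIVED (epoch $t)" : "not time-derived in window";
}
```

A 300-second window needs only 601 MD5 computations per nonce, which is why a time-derived value gives no unpredictability however the digest looks.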

Product Status

Vendor BIAFRA
Product Dancer2::Plugin::Auth::OAuth
Versions Default: unaffected
  • affected from 0 to 0.22 (excl.)

Solutions

Upgrade to version 0.22 or later.

Problem Types

  • CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)