What the vulnerability does

01Description

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.

Key dates

02Disclosure timeline

January 3, 2025 CVE published
January 21, 2025 Record updated

Related vulnerabilities

04Related CVE