========================================================================
CVE-2026-47372                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-47372
  Distribution:  Crypt-SaltedHash
      Versions:  through 0.09

      MetaCPAN:  https://metacpan.org/dist/Crypt-SaltedHash
      VCS Repo:  https://github.com/robrwo/perl-Crypt-SaltedHash


Crypt::SaltedHash versions through 0.09 for Perl generate insecure
random values for salts

Description
-----------
Crypt::SaltedHash versions through 0.09 for Perl generate insecure
random values for salts.

These versions use the built-in rand function, which is predictable
and unsuitable for cryptography.

Problem types
-------------
- CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Solutions
---------
Upgrade to version 0.10 or later.

References
----------
https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes
https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5.patch
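
The weakness named in the Description, as an added illustration that is not code from Crypt::SaltedHash or its patch: a salt built from rand() is fully determined by the PRNG seed, while one read from the operating system's CSPRNG is not. The function names, the seed value and the use of /dev/urandom (Unix-like systems) are assumptions of this example.

```perl
#!/usr/bin/perl
# Added illustration; not code from Crypt::SaltedHash.
use strict;
use warnings;

# Weak pattern: salt bytes drawn from Perl's built-in rand().
# rand() is a deterministic PRNG seeded through srand(); the same
# seed always produces the same sequence of values.
sub weak_salt_hex {
    my ($len) = @_;
    return join '', map { sprintf '%02x', int rand 256 } 1 .. $len;
}

# Hardened pattern: salt bytes read from the kernel CSPRNG.
# Assumption: a Unix-like system that provides /dev/urandom.
sub strong_salt_hex {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $len) {
        # Append at the current end of $buf until $len bytes are read.
        my $n = read $fh, $buf, $len - length($buf), length($buf);
        die "read from /dev/urandom failed: $!" unless defined $n;
        die "unexpected EOF on /dev/urandom" if $n == 0;
    }
    close $fh;
    return unpack 'H*', $buf;
}

my $seed = 12345;    # constructed seed value, for the demonstration only

# Reseeding with the same value reproduces the same rand() salt.
srand($seed);
my $weak1 = weak_salt_hex(8);
srand($seed);
my $weak2 = weak_salt_hex(8);
printf "rand() salts:   %s %s (%s)\n", $weak1, $weak2,
    $weak1 eq $weak2 ? 'identical' : 'different';

# The OS CSPRNG ignores Perl's seed, so reseeding has no effect on it.
srand($seed);
my $strong1 = strong_salt_hex(8);
srand($seed);
my $strong2 = strong_salt_hex(8);
printf "urandom salts:  %s %s (%s)\n", $strong1, $strong2,
    $strong1 eq $strong2 ? 'identical' : 'different';
```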
