CVE-2025-1860 Information

Description

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy which is not cryptographically secure for cryptographic functions.

Reference

https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80 https://perldoc.perl.org/functions/rand