Crypt::SaltedHash versions through 0.09 for Perl is...
High severity
Unreviewed
Published
May 20, 2026
to the GitHub Advisory Database
•
Updated May 21, 2026
Description
Published by the National Vulnerability Database
May 20, 2026
Published to the GitHub Advisory Database
May 20, 2026
Last updated
May 21, 2026
Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.
These versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.
References