{"url":"http://public2.vulnerablecode.io/api/packages/52129?format=json","purl":"pkg:deb/debian/libcrypt-saltedhash-perl@0.11-1?distro=trixie","type":"deb","namespace":"debian","name":"libcrypt-saltedhash-perl","version":"0.11-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81202?format=json","vulnerability_id":"VCID-1c8r-4e7k-fqfz","summary":"Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts.\n\nThese versions use the built-in rand function, which is predictable and unsuitable for cryptography.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-47372","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02526","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-47372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47372"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137253","reference_id":"1137253","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137253"},{"reference_url":"https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5.patch","reference_id":"9b68437d2cd420b819b3a795474c3870338d38d5.patch","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-21T14:12:06Z/"}],"url":"https://github.com/robrwo/perl-Crypt-SaltedHash/commit/9b68437d2cd420b819b3a795474c3870338d38d5.patch"},{"reference_url":"https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes","reference_id":"changes","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-05-21T14:12:06Z/"}],"url":"https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes"},{"reference_url":"https://usn.ubuntu.com/8418-1/","reference_id":"USN-8418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8418-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088719?format=json","purl":"pkg:deb/debian/libcrypt-saltedhash-perl@0.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-saltedhash-perl@0.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/52129?format=json","purl":"pkg:deb/debian/libcrypt-saltedhash-perl@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-saltedhash-perl@0.11-1%3Fdistro=trixie"}],"aliases":["CVE-2026-47372"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1c8r-4e7k-fqfz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81276?format=json","vulnerability_id":"VCID-buzc-6j4z-9uft","summary":"Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks.\n\nThese versions use Perl's built-in eq comparison. Discrepencies in timing could be used to guess the underlying hash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-47373","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11817","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-47373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-47373"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137253","reference_id":"1137253","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1137253"},{"reference_url":"https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch","reference_id":"c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T14:10:26Z/"}],"url":"https://github.com/robrwo/perl-Crypt-SaltedHash/commit/c07bfc5c23185b0667233d0f2e1252d81f1f027a.patch"},{"reference_url":"https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes","reference_id":"changes","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-21T14:10:26Z/"}],"url":"https://metacpan.org/release/RRWO/Crypt-SaltedHash-0.10/changes"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1088719?format=json","purl":"pkg:deb/debian/libcrypt-saltedhash-perl@0.12-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-saltedhash-perl@0.12-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/52129?format=json","purl":"pkg:deb/debian/libcrypt-saltedhash-perl@0.11-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-saltedhash-perl@0.11-1%3Fdistro=trixie"}],"aliases":["CVE-2026-47373"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-buzc-6j4z-9uft"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libcrypt-saltedhash-perl@0.11-1%3Fdistro=trixie"}