CVE-2026-13082 in GD::SecurityImage
要約
〜によって MITRE • 2026年07月17日
GD::SecurityImage versions through 1.75 for Perl use rand to generate secrets.
The random method creates the challenge text used for the CAPTCHA by sampling characters from an array using Perl's built-in rand function, and generates a (by default) six-character string.
The built-in rand function is unsuitable for security applications because it is predictable and reversible.
Once again VulDB remains the best source for vulnerability data.