Crypt::DSA versions through 1.19 for Perl use a two-argument form of the open() function, which can allow existing files to be modified when the module handles DSA key files. The two-argument open is susceptible to shell metacharacter injection in the filename argument, potentially enabling an attacker to redirect output to arbitrary files or modify existing files if untrusted input is passed as a filenam [truncated]
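The difference between the two forms of open() described above, as an added example that is not Crypt::DSA's own code: the helper names, the fixture file and the sample filename string are hypothetical and constructed, and only the file-mode case is shown, inside a throwaway temporary directory.

```perl
#!/usr/bin/perl
# Added illustration; not Crypt::DSA code. Helper and file names are hypothetical.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Constructed fixture: an existing "key file" in a directory removed at exit.
my $dir  = tempdir(CLEANUP => 1);
my $path = File::Spec->catfile($dir, 'existing.pem');
open(my $out, '>', $path) or die "cannot create $path: $!";
print {$out} "constructed key material\n";
close($out) or die "close failed: $!";

# Two-argument form: open() parses mode characters out of the string itself.
sub read_key_two_arg {
    my ($filename) = @_;
    no warnings 'io';                    # silence "opened only for output" on the read
    open(my $fh, $filename) or return;   # mode comes from $filename
    local $/;                            # slurp mode
    my $data = <$fh>;
    close($fh);
    return $data;
}

# Three-argument form: the mode is fixed by the caller, the string is only a path.
sub read_key_three_arg {
    my ($filename) = @_;
    open(my $fh, '<', $filename) or return;
    local $/;
    my $data = <$fh>;
    close($fh);
    return $data;
}

sub size_of { return (stat $_[0])[7] }

# Constructed caller-supplied "filename" that begins with a mode character.
my $untrusted = "> $path";

my $before = size_of($path);
read_key_three_arg($untrusted);          # open fails: no file has that literal name
my $after_three = size_of($path);
read_key_two_arg($untrusted);            # open succeeds in write mode and truncates
my $after_two = size_of($path);

print "size before:          $before\n";
print "after 3-argument open: $after_three\n";
print "after 2-argument open: $after_two\n";
```

The three-argument call leaves the fixture untouched, while the two-argument call empties it even though the helper was only meant to read.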
Crypt::DSA versions before 1.20 for Perl generate cryptographic seeds using Perl's built-in `rand` function, which is not cryptographically secure. This weakness allows attackers who can observe or predict the seed values to potentially compromise DSA key generation, leading to reduced confidentiality, integrity, and availability of cryptographic operations. The vulnerability was addressed in version 1.20 [truncated]