In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
{ "binaries": [ { "binary_version": "0.28-2", "binary_name": "libnet-oauth-perl" } ] }
{ "binaries": [ { "binary_version": "0.28-3", "binary_name": "libnet-oauth-perl" } ] }
{ "binaries": [ { "binary_version": "0.28-4", "binary_name": "libnet-oauth-perl" } ] }