In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.
{ "binaries": [ { "binary_name": "libnet-oauth-perl", "binary_version": "0.28-2" } ] }
{ "binaries": [ { "binary_name": "libnet-oauth-perl", "binary_version": "0.28-3" } ] }
{ "binaries": [ { "binary_name": "libnet-oauth-perl", "binary_version": "0.28-4" } ] }