GHSA-3fmq-x9q6-wm39

Опубликовано: 17 мая 2024

Источник: github

Github: Прошло ревью

Описание

random_compat Uses insecure CSPRNG

random_compat versions prior to 2.0 are affected by a security vulnerability related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use openssl_random_pseudo_bytes(), which may result in insufficient entropy and compromise the security of generated random numbers.

Ссылки

https://github.com/paragonie/random_compat/issues/96
https://github.com/FriendsOfPHP/security-advisories/blob/master/paragonie/random_compat/2016-03-16.yaml

Пакеты

Наименование

paragonie/random_compat

composer

Затронутые версииВерсия исправления

< 2.0

2.0

Дефекты

CWE-331

Дефекты

CWE-331