CVE-2019-3795

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-3795

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-3795.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-3795

Aliases

GHSA-v2r2-7qm7-jj6v

Related

DLA-1794-1

Published

2019-04-09T16:29:01Z

Modified

2024-09-03T02:51:43.454049Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Spring Security versions 4.2.x prior to 4.2.12, 5.0.x prior to 5.0.12, and 5.1.x prior to 5.1.5 contain an insecure randomness vulnerability when using SecureRandomFactoryBean#setSeed to configure a SecureRandom instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.

References

Affected packages

Git / github.com/spring-projects/spring-security

Affected ranges

Type: GIT
Repo: https://github.com/spring-projects/spring-security
Events: Introduced

24fcb6c45a55333e5b856b6c73f14b68ceca0e19

Fixed

f154c7d9dcdebc690bf504b812db21a6d7148caf

Affected versions

4.*

4.2.0.RELEASE

4.2.1.RELEASE

4.2.10.RELEASE

4.2.11.RELEASE

4.2.2.RELEASE

4.2.3.RELEASE

4.2.4.RELEASE

4.2.5.RELEASE

4.2.6.RELEASE

4.2.7.RELEASE

4.2.9.RELEASE