GHSA-q8fc-v85f-78pw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-q8fc-v85f-78pw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/05/GHSA-q8fc-v85f-78pw/GHSA-q8fc-v85f-78pw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-q8fc-v85f-78pw
- Published
- 2024-05-29T13:09:29Z
- Modified
- 2024-12-04T05:40:09.638665Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- stormpath/sdk uses Insecure Random Number Generator
- Details
-
The vulnerability pertains to the usage of an insecure random number generator (RNG) in the "stormpath-sdk-php" library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-338" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-05-29T13:09:29Z" }- References
-
- https://github.com/stormpath/stormpath-sdk-php/issues/132
- https://github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml
- https://github.com/stormpath/stormpath-sdk-php
- https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181
- https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50
Affected packages
Packagist / stormpath/sdk
Package
- Name
- stormpath/sdk
- Purl
- pkg:composer/stormpath/sdk
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected1.19.0
Affected versions
0.*
0.1.0
0.2.0
0.3.0
0.3.1
0.3.2
1.*
1.0.0.beta
1.0.1.beta
1.1.0.beta
1.2.0.beta
1.2.1.beta
1.3.0.beta
1.4.0.beta
1.5.0.beta
1.6.0.beta
1.7.0.beta
1.8.0.beta
1.8.1.beta
1.9.0.beta
1.10.0.beta
1.11.0.beta
1.12.0
1.12.1
1.12.2
1.13.0
1.14.0
1.15.0
1.16.0
1.17.0
1.17.1
1.17.2
1.18.0
1.19.0