The vulnerability pertains to the usage of an insecure random number generator (RNG) in the βstormpath-sdk-phpβ library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.
github.com/advisories/GHSA-q8fc-v85f-78pw
github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml
github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181
github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50
github.com/stormpath/stormpath-sdk-php/issues/132