Lucene search
GoogleOSV:GHSA-Q8FC-V85F-78PWHistoryMay 29, 2024 - 1:09 p.m.
stormpath/sdk uses Insecure Random Number Generator
2024-05-2913:09:29
Google
osv.dev
9
stormpath-sdk
php
vulnerability
rng
uuid
AI Score
7
Confidence
Low
The vulnerability pertains to the usage of an insecure random number generator (RNG) in the βstormpath-sdk-phpβ library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.
References
github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml
github.com/stormpath/stormpath-sdk-php
github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181
github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50
github.com/stormpath/stormpath-sdk-php/issues/132
AI Score
7
Confidence
Low