2 matches found
cloud.agileframework:agile-security (>=2.1.0.M8 <=2.2.0.M7), cloud.agileframework:spring-boot-starter-kaptcha (>=2.1.0.M8 <=2.2.0.M7) +234 more potentially affected by CVE-2018-18531 via com.github.penggle:kaptcha (=2.3.2)
com.github.penggle:kaptcha MAVEN version =2.3.2 is affected by a known vulnerability. The following packages have a transitive dependency on com.github.penggle:kaptcha and may be impacted: - cloud.agileframework:agile-security =2.1.0.M8, =2.1.0.M8, =1.0.0-2024, =1.0.0-2024, =1.0.0-2024, =1.0.0,...
GHSA-8Q89-PWHH-7WFQ Use of Insufficiently Random Values in penggle:kaptcha
text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha 2.3.2 use the Random rather than SecureRandom function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictio...