GHSA-q8fc-v85f-78pw: stormpath/sdk uses Insecure Random Number Generator
The “stormpath-sdk-php” library uses an insecure random number generator (RNG). Specifically, the issue is in the code that generates version 4 UUIDs (Universally Unique Identifiers).
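An added example, not code from the SDK or the advisory: a version 4 UUID built from a non-cryptographic PRNG beside one built from the operating system's CSPRNG. Using `mt_rand()` as the weak source is an assumption for illustration (the advisory does not name the function), and the function names `uuid4_weak` and `uuid4_secure` are hypothetical.

```php
<?php
declare(strict_types=1);

// Weak pattern (illustrative assumption, not the SDK's code): mt_rand() is a
// Mersenne Twister PRNG. Its output is fully determined by its seed, so a
// UUID built from it must not be relied on as an unguessable value.
function uuid4_weak(): string
{
    return sprintf(
        '%04x%04x-%04x-%04x-%04x-%04x%04x%04x',
        mt_rand(0, 0xffff), mt_rand(0, 0xffff),
        mt_rand(0, 0xffff),
        mt_rand(0, 0x0fff) | 0x4000,   // version nibble = 4
        mt_rand(0, 0x3fff) | 0x8000,   // RFC 4122 variant bits = 10
        mt_rand(0, 0xffff), mt_rand(0, 0xffff), mt_rand(0, 0xffff)
    );
}

// Hardened form: all 122 random bits come from random_bytes() (PHP >= 7.0),
// which reads the OS CSPRNG and throws an exception if no secure source is
// available instead of falling back to weaker output.
function uuid4_secure(): string
{
    $bytes = random_bytes(16);
    $bytes[6] = chr((ord($bytes[6]) & 0x0f) | 0x40); // version nibble = 4
    $bytes[8] = chr((ord($bytes[8]) & 0x3f) | 0x80); // RFC 4122 variant bits = 10
    return vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex($bytes), 4));
}

// Re-seeding with the same (constructed) seed shows that the weak generator
// is deterministic: both calls yield the identical "unique" identifier.
mt_srand(1234);
$first = uuid4_weak();
mt_srand(1234);
$second = uuid4_weak();
echo "weak ids identical after re-seed: ";
var_dump($first === $second);

// The secure generator has no user-controllable seed; check format and
// that two consecutive values differ.
$a = uuid4_secure();
$b = uuid4_secure();
$v4 = '/^[0-9a-f]{8}-[0-9a-f]{4}-4[0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/';
echo "secure id is well-formed v4: ";
var_dump(preg_match($v4, $a) === 1);
echo "secure ids differ: ";
var_dump($a !== $b);
```

When auditing a codebase for this class of issue, search for `mt_rand`, `rand`, `uniqid` and `lcg_value` in any code path that produces identifiers, tokens or keys.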
References
- github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml
- github.com/advisories/GHSA-q8fc-v85f-78pw
- github.com/stormpath/stormpath-sdk-php
- github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php
- github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php
- github.com/stormpath/stormpath-sdk-php/issues/132