CVE-2016-1902: Cryptographic Issues

June 1, 2016 (updated June 3, 2016)

The nextBytes function in the SecureRandom class does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

References

symfony.com/cve-2016-1902

Detect and mitigate CVE-2016-1902 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →