CVE-2016-1902: Cryptographic Issues
(updated )
The nextBytes
function in the SecureRandom
class in Symfony does not properly generate random numbers when used with PHP without the paragonie/random_compat
library and the openssl_random_pseudo_bytes
function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.
References
Detect and mitigate CVE-2016-1902 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →