Lookup for vulnerable packages by Package URL.

Purl pkg:composer/zendframework/zendframework1@1.12.18
Type composer
Namespace zendframework
Name zendframework1
Version 1.12.18
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 1.12.19
Latest_non_vulnerable_version 1.12.20
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-n2gy-93nd-gber
vulnerability_id VCID-n2gy-93nd-gber
summary Potential Insufficient Entropy Vulnerability in ZF1.
references
0
reference_url https://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url https://framework.zend.com/security/advisory/ZF2016-01
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases ZF2016-01
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2gy-93nd-gber
1
url VCID-sjw9-2fwe-5ybg
vulnerability_id VCID-sjw9-2fwe-5ybg
summary
Potential Insufficient Entropy
There are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.
references
0
reference_url http://framework.zend.com/security/advisory/ZF2016-01
reference_id
reference_type
scores
url http://framework.zend.com/security/advisory/ZF2016-01
1
reference_url https://bugs.php.net/bug.php?id=70014
reference_id
reference_type
scores
url https://bugs.php.net/bug.php?id=70014
2
reference_url https://github.com/paragonie/random_compat/issues/96
reference_id
reference_type
scores
url https://github.com/paragonie/random_compat/issues/96
fixed_packages
0
url pkg:composer/zendframework/zendframework1@1.12.18
purl pkg:composer/zendframework/zendframework1@1.12.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18
aliases ZF2016-11
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sjw9-2fwe-5ybg
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18