VulnerableCode Package Details - pkg:composer/zendframework/zend-captcha@2.4.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-69sw-325w-kqb6 Aliases: GHSA-mg4x-prh7-g4mx	Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability	2.4.9 Affected by 0 other vulnerabilities. 2.5.2 Affected by 0 other vulnerabilities.
VCID-94vc-714p-mbeb Aliases: GMS-2015-47	Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.	2.4.9 Affected by 0 other vulnerabilities. 2.5.2 Affected by 0 other vulnerabilities.
VCID-b5m8-jc12-1yc3 Aliases: ZF2015-09	Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.	2.4.9 Affected by 0 other vulnerabilities. 2.5.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-69sw-325w-kqb6
Aliases:
GHSA-mg4x-prh7-g4mx

Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability

2.4.9
Affected by 0 other vulnerabilities.

2.5.2
Affected by 0 other vulnerabilities.

VCID-94vc-714p-mbeb
Aliases:
GMS-2015-47

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

2.4.9
Affected by 0 other vulnerabilities.

2.5.2
Affected by 0 other vulnerabilities.

VCID-b5m8-jc12-1yc3
Aliases:
ZF2015-09

Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

2.4.9
Affected by 0 other vulnerabilities.

2.5.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-12T19:32:03.294466+00:00	GitLab Importer	Affected by	VCID-69sw-325w-kqb6	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GHSA-mg4x-prh7-g4mx.yml	38.6.0
2026-06-12T16:49:03.813490+00:00	GitLab Importer	Affected by	VCID-b5m8-jc12-1yc3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/ZF2015-09.yml	38.6.0
2026-06-12T16:49:03.474981+00:00	GitLab Importer	Affected by	VCID-94vc-714p-mbeb	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GMS-2015-47.yml	38.6.0