Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:composer/zendframework/zend-captcha@2.4.2
purl pkg:composer/zendframework/zend-captcha@2.4.2
Next non-vulnerable version 2.4.9
Latest non-vulnerable version 2.5.2
Risk
Vulnerabilities affecting this package (2)
Vulnerability Summary Fixed by
VCID-5cz1-j5rs-dub8
Aliases:
GMS-2015-47
Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.
2.4.9
Affected by 0 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
VCID-8atm-865q-mkf3
Aliases:
ZF2015-09
Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.
2.4.9
Affected by 0 other vulnerabilities.
2.5.2
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-04T20:05:13.187533+00:00 GitLab Importer Affected by VCID-8atm-865q-mkf3 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/ZF2015-09.yml 38.6.0
2026-06-04T20:05:13.007790+00:00 GitLab Importer Affected by VCID-5cz1-j5rs-dub8 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GMS-2015-47.yml 38.6.0