VulnerableCode Package Details - pkg:composer/zendframework/zend-captcha@2.4.9

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-5cz1-j5rs-dub8	Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.	GMS-2015-47
VCID-8atm-865q-mkf3	Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.	ZF2015-09
VCID-ud17-u8e3-8qaj	Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\Captcha\Word` (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.	GHSA-mg4x-prh7-g4mx

Vulnerability

Summary

Aliases

VCID-5cz1-j5rs-dub8

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

GMS-2015-47

VCID-8atm-865q-mkf3

Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

ZF2015-09

VCID-ud17-u8e3-8qaj

Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\Captcha\Word` (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.

GHSA-mg4x-prh7-g4mx

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-04T16:51:00.946163+00:00	GithubOSV Importer	Fixing	VCID-ud17-u8e3-8qaj	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/06/GHSA-mg4x-prh7-g4mx/GHSA-mg4x-prh7-g4mx.json	38.6.0
2026-06-04T16:21:54.570503+00:00	GitLab Importer	Fixing	VCID-ud17-u8e3-8qaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GHSA-mg4x-prh7-g4mx.yml	38.6.0
2026-06-02T04:36:27.020758+00:00	GitLab Importer	Fixing	VCID-8atm-865q-mkf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/ZF2015-09.yml	38.6.0
2026-06-02T04:36:26.984536+00:00	GitLab Importer	Fixing	VCID-5cz1-j5rs-dub8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GMS-2015-47.yml	38.6.0