VulnerableCode Package Details - pkg:composer/zendframework/zend-captcha@2.5.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-5cz1-j5rs-dub8 Aliases: GMS-2015-47	Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.	2.5.2 Affected by 0 other vulnerabilities.
VCID-8atm-865q-mkf3 Aliases: ZF2015-09	Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.	2.5.2 Affected by 0 other vulnerabilities.
VCID-ud17-u8e3-8qaj Aliases: GHSA-mg4x-prh7-g4mx	Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\Captcha\Word` (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.	2.5.2 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-5cz1-j5rs-dub8
Aliases:
GMS-2015-47

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

2.5.2
Affected by 0 other vulnerabilities.

VCID-8atm-865q-mkf3
Aliases:
ZF2015-09

Potential Information Disclosure and Insufficient Entropy vulnerability in `Zend\Captcha\Word`.

2.5.2
Affected by 0 other vulnerabilities.

VCID-ud17-u8e3-8qaj
Aliases:
GHSA-mg4x-prh7-g4mx

Zend-Captcha Information Disclosure and Insufficient Entropy vulnerability In Zend Framework, `Zend_Captcha_Word` (v1) and `Zend\Captcha\Word` (v2) generate a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. Prior to this advisory, the selection was performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of rand() instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This could potentially lead to information disclosure should an attacker be able to brute force the random number generation.

2.5.2
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-05T21:45:07.913366+00:00	GHSA Importer	Affected by	VCID-ud17-u8e3-8qaj	https://github.com/advisories/GHSA-mg4x-prh7-g4mx	38.6.0
2026-06-04T16:21:54.565718+00:00	GitLab Importer	Affected by	VCID-ud17-u8e3-8qaj	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GHSA-mg4x-prh7-g4mx.yml	38.6.0
2026-06-02T04:36:27.011915+00:00	GitLab Importer	Affected by	VCID-8atm-865q-mkf3	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/ZF2015-09.yml	38.6.0
2026-06-02T04:36:26.977376+00:00	GitLab Importer	Affected by	VCID-5cz1-j5rs-dub8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/zendframework/zend-captcha/GMS-2015-47.yml	38.6.0