{"url":"http://public2.vulnerablecode.io/api/packages/214555?format=json","purl":"pkg:composer/stormpath/sdk@1.10.0.beta","type":"composer","namespace":"stormpath","name":"sdk","version":"1.10.0.beta","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55068?format=json","vulnerability_id":"VCID-c84k-5dse-4bgr","summary":"stormpath/sdk uses Insecure Random Number Generator\nThe vulnerability pertains to the usage of an insecure random number generator (RNG) in the \"stormpath-sdk-php\" library. Specifically, the issue is present in the generation of UUID (Universally Unique Identifier) version 4 within the codebase.","references":[{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/stormpath/sdk/2017-11-20.yaml"},{"reference_url":"https://github.com/stormpath/stormpath-sdk-php","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stormpath/stormpath-sdk-php"},{"reference_url":"https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.php#L167-L181"},{"reference_url":"https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.php#L48-L50"},{"reference_url":"https://github.com/stormpath/stormpath-sdk-php/issues/132","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/stormpath/stormpath-sdk-php/issues/132"},{"reference_url":"https://github.com/advisories/GHSA-q8fc-v85f-78pw","reference_id":"GHSA-q8fc-v85f-78pw","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q8fc-v85f-78pw"}],"fixed_packages":[],"aliases":["GHSA-q8fc-v85f-78pw"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c84k-5dse-4bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39172?format=json","vulnerability_id":"VCID-jmvc-wsx2-efbx","summary":"Use of Insufficiently Random Values\nInsecure Random Number Generator in stormpath.","references":[{"reference_url":"https://github.com/stormpath/stormpath-sdk-php/issues/132","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/stormpath/stormpath-sdk-php/issues/132"}],"fixed_packages":[],"aliases":["GMS-2017-346"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmvc-wsx2-efbx"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/stormpath/sdk@1.10.0.beta"}