{"url":"http://public2.vulnerablecode.io/api/packages/57742?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE","type":"maven","namespace":"org.springframework.security","name":"spring-security-core","version":"5.0.13.RELEASE","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.1.2","latest_non_vulnerable_version":"6.5.4","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40878?format=json","vulnerability_id":"VCID-3p1k-4ges-1fev","summary":"Insufficient Entropy in PRNG\nSpring Security contain an insecure randomness vulnerability when using `SecureRandomFactoryBean#setSeed` to configure a `SecureRandom` instance. In order to be impacted, an honest application must provide a seed and make the resulting random material available to an attacker for inspection.","references":[{"reference_url":"http://www.securityfocus.com/bid/107802","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/107802"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3795","reference_id":"CVE-2019-3795","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3795"},{"reference_url":"https://pivotal.io/security/cve-2019-3795","reference_id":"CVE-2019-3795","reference_type":"","scores":[],"url":"https://pivotal.io/security/cve-2019-3795"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57741?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@4.2.13.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/57742?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE"},{"url":"http://public2.vulnerablecode.io/api/packages/57743?format=json","purl":"pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.1.6.RELEASE"}],"aliases":["CVE-2019-3795"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3p1k-4ges-1fev"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.springframework.security/spring-security-core@5.0.13.RELEASE"}