Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5cz1-j5rs-dub8

Summary

Potential Information Disclosure and Insufficient Entropy in Zend\Captcha\Word
Zend generates a "word" for a CAPTCHA challenge by selecting a sequence of random letters from a character set. The selection is performed using PHP's internal `array_rand()` function. This function does not generate sufficient entropy due to its usage of `rand()` instead of more cryptographically secure methods such as `openssl_pseudo_random_bytes()`. This can potentially lead to information disclosure should an attacker be able to brute force the random number generation.

Aliases

alias	GMS-2015-47

Fixed_packages

url	pkg:composer/zendframework/zend-captcha@2.4.9
purl	pkg:composer/zendframework/zend-captcha@2.4.9
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.9

url	pkg:composer/zendframework/zend-captcha@2.5.2
purl	pkg:composer/zendframework/zend-captcha@2.5.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.5.2

Affected_packages

url pkg:composer/zendframework/zend-captcha@2.0.3

purl pkg:composer/zendframework/zend-captcha@2.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.0.3

url pkg:composer/zendframework/zend-captcha@2.0.4

purl pkg:composer/zendframework/zend-captcha@2.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.0.4

url pkg:composer/zendframework/zend-captcha@2.0.5

purl pkg:composer/zendframework/zend-captcha@2.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.0.5

url pkg:composer/zendframework/zend-captcha@2.0.6

purl pkg:composer/zendframework/zend-captcha@2.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.0.6

url pkg:composer/zendframework/zend-captcha@2.0.7

purl pkg:composer/zendframework/zend-captcha@2.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.0.7

url pkg:composer/zendframework/zend-captcha@2.0.8

purl pkg:composer/zendframework/zend-captcha@2.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.0.8

url pkg:composer/zendframework/zend-captcha@2.1.0

purl pkg:composer/zendframework/zend-captcha@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.0

url pkg:composer/zendframework/zend-captcha@2.1.1

purl pkg:composer/zendframework/zend-captcha@2.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.1

url pkg:composer/zendframework/zend-captcha@2.1.2

purl pkg:composer/zendframework/zend-captcha@2.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.2

url pkg:composer/zendframework/zend-captcha@2.1.3

purl pkg:composer/zendframework/zend-captcha@2.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.3

url pkg:composer/zendframework/zend-captcha@2.1.4

purl pkg:composer/zendframework/zend-captcha@2.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.4

url pkg:composer/zendframework/zend-captcha@2.1.5

purl pkg:composer/zendframework/zend-captcha@2.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.5

url pkg:composer/zendframework/zend-captcha@2.1.6

purl pkg:composer/zendframework/zend-captcha@2.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.1.6

url pkg:composer/zendframework/zend-captcha@2.2.0rc1

purl pkg:composer/zendframework/zend-captcha@2.2.0rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.0rc1

url pkg:composer/zendframework/zend-captcha@2.2.0rc2

purl pkg:composer/zendframework/zend-captcha@2.2.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.0rc2

url pkg:composer/zendframework/zend-captcha@2.2.0rc3

purl pkg:composer/zendframework/zend-captcha@2.2.0rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.0rc3

url pkg:composer/zendframework/zend-captcha@2.2.0

purl pkg:composer/zendframework/zend-captcha@2.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.0

url pkg:composer/zendframework/zend-captcha@2.2.1

purl pkg:composer/zendframework/zend-captcha@2.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.1

url pkg:composer/zendframework/zend-captcha@2.2.2

purl pkg:composer/zendframework/zend-captcha@2.2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.2

url pkg:composer/zendframework/zend-captcha@2.2.3

purl pkg:composer/zendframework/zend-captcha@2.2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.3

url pkg:composer/zendframework/zend-captcha@2.2.4

purl pkg:composer/zendframework/zend-captcha@2.2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.4

url pkg:composer/zendframework/zend-captcha@2.2.5

purl pkg:composer/zendframework/zend-captcha@2.2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.5

url pkg:composer/zendframework/zend-captcha@2.2.6

purl pkg:composer/zendframework/zend-captcha@2.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.6

url pkg:composer/zendframework/zend-captcha@2.2.7

purl pkg:composer/zendframework/zend-captcha@2.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.7

url pkg:composer/zendframework/zend-captcha@2.2.8

purl pkg:composer/zendframework/zend-captcha@2.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.8

url pkg:composer/zendframework/zend-captcha@2.2.9

purl pkg:composer/zendframework/zend-captcha@2.2.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.9

url pkg:composer/zendframework/zend-captcha@2.2.10

purl pkg:composer/zendframework/zend-captcha@2.2.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.2.10

url pkg:composer/zendframework/zend-captcha@2.3.0

purl pkg:composer/zendframework/zend-captcha@2.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.0

url pkg:composer/zendframework/zend-captcha@2.3.1

purl pkg:composer/zendframework/zend-captcha@2.3.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.1

url pkg:composer/zendframework/zend-captcha@2.3.2

purl pkg:composer/zendframework/zend-captcha@2.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.2

url pkg:composer/zendframework/zend-captcha@2.3.3

purl pkg:composer/zendframework/zend-captcha@2.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.3

url pkg:composer/zendframework/zend-captcha@2.3.4

purl pkg:composer/zendframework/zend-captcha@2.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.4

url pkg:composer/zendframework/zend-captcha@2.3.5

purl pkg:composer/zendframework/zend-captcha@2.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.5

url pkg:composer/zendframework/zend-captcha@2.3.6

purl pkg:composer/zendframework/zend-captcha@2.3.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.6

url pkg:composer/zendframework/zend-captcha@2.3.7

purl pkg:composer/zendframework/zend-captcha@2.3.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.7

url pkg:composer/zendframework/zend-captcha@2.3.8

purl pkg:composer/zendframework/zend-captcha@2.3.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.8

url pkg:composer/zendframework/zend-captcha@2.3.9

purl pkg:composer/zendframework/zend-captcha@2.3.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.3.9

url pkg:composer/zendframework/zend-captcha@2.4.0rc1

purl pkg:composer/zendframework/zend-captcha@2.4.0rc1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc1

url pkg:composer/zendframework/zend-captcha@2.4.0rc2

purl pkg:composer/zendframework/zend-captcha@2.4.0rc2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc2

url pkg:composer/zendframework/zend-captcha@2.4.0rc3

purl pkg:composer/zendframework/zend-captcha@2.4.0rc3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc3

url pkg:composer/zendframework/zend-captcha@2.4.0rc4

purl pkg:composer/zendframework/zend-captcha@2.4.0rc4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc4

url pkg:composer/zendframework/zend-captcha@2.4.0rc5

purl pkg:composer/zendframework/zend-captcha@2.4.0rc5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc5

url pkg:composer/zendframework/zend-captcha@2.4.0rc6

purl pkg:composer/zendframework/zend-captcha@2.4.0rc6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc6

url pkg:composer/zendframework/zend-captcha@2.4.0rc7

purl pkg:composer/zendframework/zend-captcha@2.4.0rc7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0rc7

url pkg:composer/zendframework/zend-captcha@2.4.0

purl pkg:composer/zendframework/zend-captcha@2.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.0

url pkg:composer/zendframework/zend-captcha@2.4.1

purl pkg:composer/zendframework/zend-captcha@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.1

url pkg:composer/zendframework/zend-captcha@2.4.2

purl pkg:composer/zendframework/zend-captcha@2.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.2

url pkg:composer/zendframework/zend-captcha@2.4.3

purl pkg:composer/zendframework/zend-captcha@2.4.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.3

url pkg:composer/zendframework/zend-captcha@2.4.4

purl pkg:composer/zendframework/zend-captcha@2.4.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.4

url pkg:composer/zendframework/zend-captcha@2.4.5

purl pkg:composer/zendframework/zend-captcha@2.4.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.5

url pkg:composer/zendframework/zend-captcha@2.4.6

purl pkg:composer/zendframework/zend-captcha@2.4.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.6

url pkg:composer/zendframework/zend-captcha@2.4.7

purl pkg:composer/zendframework/zend-captcha@2.4.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.7

url pkg:composer/zendframework/zend-captcha@2.4.8

purl pkg:composer/zendframework/zend-captcha@2.4.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.4.8

url pkg:composer/zendframework/zend-captcha@2.5.0

purl pkg:composer/zendframework/zend-captcha@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

vulnerability	VCID-ud17-u8e3-8qaj

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.5.0

url pkg:composer/zendframework/zend-captcha@2.5.1

purl pkg:composer/zendframework/zend-captcha@2.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5cz1-j5rs-dub8

vulnerability	VCID-8atm-865q-mkf3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zend-captcha@2.5.1

References

reference_url	http://framework.zend.com/security/advisory/ZF2015-09
reference_id
reference_type
scores
url	http://framework.zend.com/security/advisory/ZF2015-09

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5cz1-j5rs-dub8

Vulnerability Instance