{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38087?format=json","vulnerability_id":"VCID-sjw9-2fwe-5ybg","summary":"Potential Insufficient Entropy\nThere are several methods used to generate random numbers in ZF1 that potentially used insufficient entropy. Moreover, there's a potential security issue in the usage of the `openssl_random_pseudo_bytes()` function in `Zend_Crypt_Math::randBytes`, reported in PHP BUG #70014, and the security implications reported in a discussion on the `random_compat` library.","aliases":[{"alias":"ZF2016-11"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52645?format=json","purl":"pkg:composer/zendframework/zendframework1@1.12.18","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/zendframework/zendframework1@1.12.18"}],"affected_packages":[],"references":[{"reference_url":"http://framework.zend.com/security/advisory/ZF2016-01","reference_id":"","reference_type":"","scores":[],"url":"http://framework.zend.com/security/advisory/ZF2016-01"},{"reference_url":"https://bugs.php.net/bug.php?id=70014","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.php.net/bug.php?id=70014"},{"reference_url":"https://github.com/paragonie/random_compat/issues/96","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/paragonie/random_compat/issues/96"}],"weaknesses":[],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sjw9-2fwe-5ybg"}