Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLWhxM3Ytcmc2Zi02aHg0

High EPSS: 0.00506% (0.64929 Percentile) EPSS:
Permalink JSON

Use of Insufficiently Random Values in yiisoft/yii2-dev

Affected Packages Affected Versions Fixed Versions
packagist:yiisoft/yii2-dev < 2.0.43 2.0.43
32 Dependent packages
36 Dependent repositories
90,847 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42

All unaffected versions

2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51, 2.0.52, 2.0.53

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

References:

Identifiers

GHSA-hq3v-rg6f-6hx4

CVE-2021-3689

Risk

Severity

High

EPSS

EPSS Percentage: 0.00506

EPSS Percentile: 0.64929

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yiisoft/yii2

Date and time

Published

almost 4 years ago

Updated

over 2 years ago

API

JSON