Data

Tools

Indexes

Applications

Experiments

Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXd3dnYteDVtcS1oM2pq

Moderate EPSS: 0.00487% (0.64479 Percentile) EPSS:
Permalink JSON

Use of Cryptographically Weak Pseudo-Random Number Generator in yiisoft/yii2-dev

Affected Packages Affected Versions Fixed Versions
packagist:yiisoft/yii2-dev < 2.0.43 2.0.43
32 Dependent packages
36 Dependent repositories
90,847 Downloads total

Affected Version Ranges

All affected versions

2.0.0, 2.0.1, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.7, 2.0.8, 2.0.9, 2.0.10, 2.0.11, 2.0.12, 2.0.13, 2.0.14, 2.0.15, 2.0.16, 2.0.17, 2.0.18, 2.0.19, 2.0.20, 2.0.21, 2.0.22, 2.0.23, 2.0.24, 2.0.25, 2.0.26, 2.0.27, 2.0.28, 2.0.29, 2.0.30, 2.0.31, 2.0.32, 2.0.33, 2.0.34, 2.0.35, 2.0.36, 2.0.37, 2.0.38, 2.0.39, 2.0.40, 2.0.41, 2.0.42

All unaffected versions

2.0.43, 2.0.44, 2.0.45, 2.0.46, 2.0.47, 2.0.48, 2.0.49, 2.0.50, 2.0.51, 2.0.52, 2.0.53

yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator

References:

Identifiers

GHSA-wwvv-x5mq-h3jj

CVE-2021-3692

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00487

EPSS Percentile: 0.64479

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/yiisoft/yii2

Date and time

Published

almost 4 years ago

Updated

over 2 years ago

API

JSON