CVE-2016-1902: Cryptographic Issues

June 1, 2016 (updated June 3, 2016)

The nextBytes function in the SecureRandom class in Symfony does not properly generate random numbers when used with PHP without the paragonie/random_compat library and the openssl_random_pseudo_bytes function fails, which makes it easier for attackers to defeat cryptographic protection mechanisms via unspecified vectors.

References

symfony.com/cve-2016-1902

Code Behaviors & Features

Detect and mitigate CVE-2016-1902 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →