CVE-2018-18531: Use of Insufficiently Random Values

October 19, 2018 (updated January 25, 2019)

kaptcha use the Random (rather than SecureRandom) function for generating CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.

References

nvd.nist.gov/vuln/detail/CVE-2018-18531

Code Behaviors & Features

Detect and mitigate CVE-2018-18531 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →