com.github.penggle:kaptcha@2.3.2 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the com.github.penggle:kaptcha package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Insecure Randomness (severity: M)

com.github.penggle:kaptcha is a package whose default output produces a Google captcha.

Affected versions of this package are vulnerable to Insecure Randomness. text/impl/DefaultTextCreator.java, text/impl/ChineseTextProducer.java, and text/impl/FiveLetterFirstNameTextCreator.java in kaptcha use the Random class (rather than SecureRandom) to generate CAPTCHA values, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force approach.

How to fix Insecure Randomness?

There is no fixed version for com.github.penggle:kaptcha.
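
The Random versus SecureRandom difference described above, shown as an added example that is not code from kaptcha or from this advisory. The class name, method names, alphabet and seed are constructed for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

// Added illustration: names here are hypothetical, not kaptcha's own classes.
public class CaptchaTextDemo {
    // Constructed sample alphabet (look-alike characters left out).
    private static final char[] ALPHABET =
            "abcdefghkmnprstuvwxy2345678".toCharArray();

    // One shared CSPRNG instance; SecureRandom is thread-safe.
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak pattern: java.util.Random is a 48-bit linear congruential
    // generator, so its output stream is fully determined by its seed.
    static String weakText(Random rng, int length) {
        return pick(rng, length);
    }

    // Hardened pattern: SecureRandom extends Random, so it fits the same
    // code path while drawing from the platform CSPRNG.
    static String strongText(int length) {
        return pick(SECURE, length);
    }

    private static String pick(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            // nextInt(bound) avoids the modulo bias of nextInt() % bound.
            sb.append(ALPHABET[rng.nextInt(ALPHABET.length)]);
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 20240101L; // constructed sample seed

        // Two generators with the same seed produce the same CAPTCHA text.
        String first = weakText(new Random(seed), 5);
        String second = weakText(new Random(seed), 5);
        System.out.println("Random, same seed: " + first + " / " + second
                + " identical=" + first.equals(second));

        // SecureRandom values are not reproducible from a seed like this.
        System.out.println("SecureRandom:      " + strongText(5)
                + " / " + strongText(5));
    }
}
```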

Vulnerable versions: [0,)