CVE-2021-3692: Use of Predictable Algorithm in Random Number Generator in yiisoft/yii2
First published: Tue Aug 10 2021(Updated: )
yii2 is vulnerable to Use of Predictable Algorithm in Random Number Generator
Credit: security@huntr.dev
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Yii Framework | >=2.0.0<2.0.43 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-3692?
CVE-2021-3692 is a vulnerability in yii2 that allows an attacker to predict the random number generator algorithm.
What is the severity of CVE-2021-3692?
The severity of CVE-2021-3692 is high with a severity value of 5.3.
How does CVE-2021-3692 affect yii2?
CVE-2021-3692 affects yii2 versions from 2.0.0 to 2.0.43.
How can I fix CVE-2021-3692 in yii2?
To fix CVE-2021-3692 in yii2, you should update to a version that includes the fix, such as the commit 13f27e4d920a05d53236139e8b07007acd046a46 on the yii2 GitHub repository.
Are there any references for CVE-2021-3692?
Yes, you can find references for CVE-2021-3692 on the following links: [GitHub Commit](https://github.com/yiisoft/yii2/commit/13f27e4d920a05d53236139e8b07007acd046a46) and [Huntr Bounty](https://huntr.dev/bounties/55517f19-5c28-4db2-8b00-f78f841e8aba).
- agent/weakness
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/remedy
- agent/last-modified-date
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- vendor/yiiframework
- canonical/yii framework
- version/yii framework/2.0.0