| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| paragonie/random_compat | composer | < 2.0 | 2.0 |
The advisory explicitly states that versions of random_compat before 2.0 use openssl_random_pseudo_bytes() as a randomness source, which is flagged as insecure because, in some PHP/OpenSSL configurations, it can yield insufficient entropy and relies on weak algorithms. The GitHub issue (#96) confirms the concerns about OpenSSL's fork-safety and its use of MD5. The exact file path is inferred from the usual PHP library layout, but the core issue is the library's reliance on this function in its CSPRNG logic.
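As an added illustration (not random_compat's own code), the following PHP contrasts the weak pattern the advisory describes with a fail-closed wrapper; the function names `weak_random_bytes` and `secure_random_bytes` are hypothetical, and the weak variant is a constructed sketch of the pre-2.0 style fallback rather than a copy of the library.

```php
<?php
declare(strict_types=1);

/**
 * Constructed illustration of the weak pattern: the output of
 * openssl_random_pseudo_bytes() is returned without consulting the
 * $strong_result out-parameter, so a PHP/OpenSSL configuration in which
 * OpenSSL could not gather sufficient entropy is silently accepted.
 */
function weak_random_bytes(int $length): string
{
    return openssl_random_pseudo_bytes($length);
}

/**
 * Hardened replacement: prefer the kernel-backed random_bytes() (native on
 * PHP 7+, and what random_compat >= 2.0 supplies on older runtimes) and only
 * fall back to OpenSSL when it reports a cryptographically strong result.
 */
function secure_random_bytes(int $length): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be positive');
    }
    if (function_exists('random_bytes')) {
        return random_bytes($length);
    }
    $strong = false;
    $bytes = openssl_random_pseudo_bytes($length, $strong);
    if ($bytes === false || $strong !== true || strlen($bytes) !== $length) {
        // Fail closed rather than hand weak bytes to a key or token generator.
        throw new RuntimeException('no cryptographically strong RNG available');
    }
    return $bytes;
}

// Example use: a 128-bit session token rendered as hex.
echo 'token: ' . bin2hex(secure_random_bytes(16)) . PHP_EOL;
```

On a runtime without a native random_bytes(), requiring paragonie/random_compat at version 2.0 or later (the first patched version in the table) provides the polyfill that this wrapper prefers.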