CVE-2021-3990

Description

showdoc is vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG).

How to fix CVE-2021-3990

To remediate CVE-2021-3990, upgrade the affected package to a fixed version below.

• Packagist/showdoc/showdoc—upgrade to 2.9.13 or later

Is CVE-2021-3990 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 2.9.13

CVSS scores

References (4)

• ADVISORYnvd.nist.gov/vuln/detail/CVE-2021-3990
• PATCHgithub.com/star7th/showdoc
• WEBgithub.com/star7th/showdoc/commit/a9886f26c08225e0adca75c67dfca3f7c42b87d0
• WEBhuntr.dev/bounties/0680067d-56a7-4412-b06e-a267e850ae9f