PT-2024-40045 · Unknown · Random Compat

Published 2024-05-17 · Updated 2024-05-17


No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Random Compat versions prior to 2.0

Description

The issue is related to the insecure usage of Cryptographically Secure Pseudo-Random Number Generators (CSPRNG). The affected versions use `openssl_random_pseudo_bytes()`, which may result in insufficient entropy and compromise the security of generated random numbers.

Recommendations

For versions prior to 2.0, update to version 2.0 or later to resolve the issue. As a temporary workaround, consider restricting the usage of `openssl_random_pseudo_bytes()` until a patch is available.

Weakness Enumeration

Related Identifiers

GHSA-3FMQ-X9Q6-WM39

Affected Products

Random Compat