Headline
GHSA-3w3w-pxmm-2w2j: crypto-js uses insecure random numbers
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string “0.” with an integer, which makes the output more predictable than necessary.
crypto-js uses insecure random numbers
High severity GitHub Reviewed Published Jun 12, 2023 to the GitHub Advisory Database • Updated Jun 13, 2023
Related news
CVE-2020-36732: Security issue · Issue #254 · brix/crypto-js
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.