GitHub Advisory DatabaseGHSA-6G33-F262-XJP4Cryptographically Weak PRNG in randomatic
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
35.0%
Affected versions of randomatic generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended.
Recommendation
Update to version 3.0.0 or later.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| randomatic_project | randomatic | * | cpe:2.3:a:randomatic_project:randomatic:*:*:*:*:*:node.js:*:* |
References
github.com/advisories/GHSA-6g33-f262-xjp4
github.com/jonschlinkert/randomatic/commit/4a526959b3a246ae8e4a82f9c182180907227fe1#diff-b9cfc7f2cdf78a7f4b91a753d10865a2
github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66
nvd.nist.gov/vuln/detail/CVE-2017-16028
www.npmjs.com/advisories/157
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
35.0%