Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...

MAL-2026-4542 Malicious code in crypto-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee2e9ca362c982e5c75ed96c626b87ca91d85fb6cb52c89c7a8def86851017b8 Package name typosquats the widely-used crypto-js library and mirrors its API surface, README, and repository references to appear legitimate...

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732.

Summary IBM Maximo Application Suite - Monitor Component uses WebSphere Application Server Liberty which could provide weaker than expected security due to crypto.js and vulnerable to CVE-2020-36732. This bulletin contains information addressing the vulnerability. Vulnerability Details...

Security Bulletin: Multiple Vulnerabilities in IBM API Connect

Summary Multiple vulnerabilities were addressed in IBM API Connect version 10.0.8.5 Vulnerability Details CVEID:CVE-2020-36732 DESCRIPTION: The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more...

0x-assert (>=0.0.2 <=0.0.3), 0xauth (>=0.0.5 <=0.1.0) +8686 more potentially affected by CVE-2023-46233 via crypto-js (>=3.1.2-1 <=4.1.1)

crypto-js NPM version =3.1.2-1, =0.0.2, =0.0.5, =1.0.0, =1.0.0, =1.34.1, =0.1.0, =4.11.2, =0.0.1, =3.3.9, =3.10.1, =0.0.16-0.1, =0.0.4, =0.0.7 and more Source cves: CVE-2023-46233 Source advisory: OSV:GHSA-XWCQ-PM8M-C4VF...