Weak Encryption

Crypto-es is vulnerable to Insecure Hashing Algorithm. The vulnerability is present because the library uses the cryptographically weak sha1 algorithm by default. This weakness allows an attacker to potentially forge data, certificates, or digital signatures, which could lead to unauthorized acce...

@aarc-dev/deposit-widget (>=0.0.1 <=0.0.9), @aarc-xyz/deposit-widget (>=0.0.1 <=0.0.3) +242 more potentially affected by CVE-2023-46133 via crypto-es (>=1.2.7 <=2.0.4)

crypto-es NPM version =1.2.7, =0.0.1, =0.0.1, =1.0.0, =2.1.5, =0.1.0, =0.1.0-rc2, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.1-alpha.1, =0.0.20, =1.0.0, =0.4.2, =0.2.1-5, =0.2.1-6 and more Source cves: CVE-2023-46133 Source advisory: OSV:GHSA-MPJ8-Q39X-WQ5H...