5 matches found
@binsee/wx-voice (>=0.3.0 <=0.3.2), @bitfirer/vue-qriously (=0.0.1) +149 more potentially affected by CVE-2017-16028 via randomatic (>=0.1.4 <=2.0.0)
randomatic NPM version =0.1.4, =0.3.0, =0.0.1, =1.1.0, =0.4.0, =1.2.20, =8.0.30, =1.0.2, =0.1.0, =0.1.2 - @ngxvoice/ngx-voicelistner =1.0.0 - @pushrocks/smartdata =3.1.2 and more Source cves: CVE-2017-16028 Source advisory: OSV:GHSA-6G33-F262-XJP4...
CVE-2017-16028
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...
CVE-2017-16028
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...
CVE-2017-16028
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG Math.random...
CVE-2017-16028
CVE-2017-16028 affects IBM Tivoli Netcool/OMNIbus WebGUI via the React/Node.js component (react-native-meteor-oauth) using a weak RNG (Math.random) for OAuth tokens. Remediation: upgrade WebGUI to 8.1.0 Fix Pack 28 (affecting 8.1.0 FP27 and earlier).