3 matches found
CVE-2022-39218
The JS Compute Runtime for Fastly's Compute@Edge platform provides the environment JavaScript is executed in when using the Compute@Edge JavaScript SDK. In versions prior to 0.5.3, the Math.random and crypto.getRandomValues methods fail to use sufficiently random values. The initial value to seed...
@adobe/helix-deploy (>=7.0.0 <=7.0.8) potentially affected by CVE-2022-39218 via @fastly/js-compute (>=0.4.0 <=0.5.2)
@fastly/js-compute NPM version =0.4.0, =7.0.0, =7.0.8 Source cves: CVE-2022-39218 Source advisory: OSV:GHSA-CMR8-5W4C-44V8...
CVE-2022-39218
The CVE-2022-39218 vulnerability affects Fastly’s Compute@Edge JS Runtime. In versions before 0.5.3, Math.random and crypto.getRandomValues do not use sufficiently random values because the seed for the PRNG was baked into the final WebAssembly module, making the random sequence predictable for t...