5 matches found
@binsee/wx-voice (>=0.3.0 <=0.3.2), @bitfirer/vue-qriously (=0.0.1) +150 more potentially affected by CVE-2017-16028 via randomatic (>=0.1.4 <=2.0.0)
randomatic NPM version =0.1.4, =0.3.0, =0.0.1, =1.1.0, =0.4.0, =1.2.20, =8.0.30, =1.0.2, =0.1.0, =0.1.2 - @ngxvoice/ngx-voicelistner =1.0.0 - @pushrocks/smartdata =3.1.2 and more Source cves: CVE-2017-16028 Source advisory: OSV:GHSA-6G33-F262-XJP4...
GHSA-6G33-F262-XJP4 Cryptographically Weak PRNG in randomatic
Affected versions of randomatic generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended. Recommendation Update to version 3.0.0 or later...
Cryptographically Weak PRNG in randomatic
Affected versions of randomatic generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended. Recommendation Update to version 3.0.0 or later...
Cryptographically Insecure Token Generation
react-native-meteor-oauth generates insecure tokens. These tokens are insecure because they are generated using the randomatic package which is not cryptographically secure. This makes it easier for attackers to brute force tokens...
Cryptographically Weak PRNG
Overview Affected versions of randomatic generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended. Recommendation Update to version 3.0.0 or later. References - Commit 4a52695 - GitHub Advisory...