NPM-CRYPTO-BROWSERIFY-20140722 – crypto-browserify

Package

Manager: npm
Name: crypto-browserify
Vulnerable Version: >=0 <2.1.11

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

EPSS: N/A pctlN/A

Details

Affected versions of the package are vulnerable to Insecure Randomness due to using the cryptographically insecure Math.random(). This function can produce predictable values and should not be used in security-sensitive context.

Metadata

Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-330"]
Alternative ID: N/A
Finding: F034
Auto approve: 1