Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code Security Finding: Weak Pseudo-Random (CWE-338, Medium Severity) in user-dao.js:53 #140

Open
2 tasks
dimagwhitesourceapp bot opened this issue Feb 7, 2024 · 0 comments
Open
2 tasks

Code Security Finding: Weak Pseudo-Random (CWE-338, Medium Severity) in user-dao.js:53 #140

dimagwhitesourceapp bot opened this issue Feb 7, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

Comments

@dimagwhitesourceapp
Copy link

Code Security Finding

This finding was first detected on 2023-12-04 11:31pm GMT and is still present in the last scan performed on 2024-02-07 01:37am GMT:

SeverityVulnerability TypeCWEFileData Flows
MediumWeak Pseudo-Random

CWE-338

user-dao.js:53

1
Vulnerable Code

JS-Demo/app/data/user-dao.js

Line 53 in 8d9a490

const year = Math.ceil(Math.random() * 30) + today.getFullYear();

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Weak Pseudo-Random Training

● Videos

   ▪ Secure Code Warrior Weak Pseudo-Random Video

● Further Reading

   ▪ OWASP Insecure Randomness

🏴 Suppress Finding
  • ... as False Alarm
  • ... as Acceptable Risk
@dimagwhitesourceapp dimagwhitesourceapp bot added the Mend: code security findings Code security findings detected by Mend label Feb 7, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Mend: code security findings Code security findings detected by Mend
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants