This repository has been archived by the owner on Aug 17, 2021. It is now read-only.
CVE-2018-1000620 (High) detected in cryptiles-2.0.5.tgz #270
Labels
security vulnerability
Security vulnerability detected by WhiteSource
CVE-2018-1000620 - High Severity Vulnerability
Vulnerable Library - cryptiles-2.0.5.tgz
General purpose crypto utilities
Library home page: https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz
Path to dependency file: angular-recaptcha/package.json
Path to vulnerable library: angular-recaptcha/node_modules/cryptiles/package.json
Dependency Hierarchy:
Found in HEAD commit: d0c7317c1908251604c4e710c797fdf348d2bc46
Found in base branch: master
Vulnerability Details
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
Publish Date: 2018-07-09
URL: CVE-2018-1000620
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000620
Release Date: 2018-07-09
Fix Resolution: v4.1.2
The text was updated successfully, but these errors were encountered: