GHSA-rq8g-5pc5-wrhr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-rq8g-5pc5-wrhr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/09/GHSA-rq8g-5pc5-wrhr/GHSA-rq8g-5pc5-wrhr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-rq8g-5pc5-wrhr
- Aliases
- Published
- 2018-09-11T18:22:50Z
- Modified
- 2023-11-08T03:59:39.699757Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- Insufficient Entropy in cryptiles
- Details
-
Versions of
cryptilesprior to 4.1.2 are vulnerable to Insufficient Entropy. TherandomDigits()method does not provide sufficient entropy and its generates digits that are not evenly distributed.Recommendation
Upgrade to version 4.1.2. The package is deprecated and has been moved to
@hapi/cryptilesand it is strongly recommended to use the maintained package. - Database specific
{ "github_reviewed_at": "2020-06-16T21:55:29Z", "github_reviewed": true, "nvd_published_at": "2018-07-09T20:29:00Z", "cwe_ids": [ "CWE-331" ], "severity": "CRITICAL" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-1000620
- https://github.com/hapijs/cryptiles/issues/34
- https://github.com/hapijs/cryptiles/issues/35
- https://github.com/hapijs/cryptiles/commit/6bdcd0f6ee8ade96e7b30350bad39ee0c2ef0f9b
- https://github.com/hapijs/cryptiles/commit/9332d4263a32b84e76bf538d7470d01ea63fa047
- https://github.com/advisories/GHSA-rq8g-5pc5-wrhr
- https://github.com/hapijs/cryptiles
- https://github.com/nodejs/security-wg/blob/master/vuln/npm/476.json
- https://www.npmjs.com/advisories/1464
- https://www.npmjs.com/advisories/720
Affected packages
npm / cryptiles
Package
- Name
- cryptiles
- View open source insights on deps.dev
- Purl
- pkg:npm/cryptiles