PT-2022-24817 · Unknown · Js Compute Runtime

Elliottt +1 · Published 2022-09-20 · Updated 2022-09-21 · CVE-2022-39218

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JS Compute Runtime versions prior to 0.5.3

Description

The Math.random and crypto.getRandomValues methods fail to use sufficiently random values, making the sequence of random values predictable. An attacker can use the fixed seed to predict random numbers generated by these functions and bypass cryptographic security controls, potentially disclosing sensitive data encrypted by functions that use these generators.

Recommendations

For versions prior to 0.5.3, upgrade to version 0.5.3 or later to resolve the issue. Until the upgrade is applied, consider avoiding the Math.random and crypto.getRandomValues methods as a temporary measure. There are no known workarounds, and upgrading to the patched version is the recommended solution.

Exploit

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2022-39218
GHSA-CMR8-5W4C-44V8

Affected Products

Js Compute Runtime