PT-2023-11874 · Crypto-Js · Crypto-Js

Kangyunu · Published 2023-06-12 · Updated 2025-09-10 · CVE-2020-36732

CVSS v3.1

5.3 Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

crypto-js versions prior to 3.2.1

Description

The issue concerns the generation of random numbers in the crypto-js package. Specifically, it concatenates the string "0." with an integer, making the output more predictable than necessary.

Recommendations

For versions prior to 3.2.1, update to version 3.2.1 or later to resolve the issue.
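The skew described above can be measured directly. The following is an added example, not code from crypto-js or from this advisory: the function names are hypothetical, and it assumes the integer is an unsigned 32-bit value (the description says only "an integer"). It compares the "0." concatenation with a uniform mapping of the same integers.

```javascript
// Added illustration; the function names are hypothetical, not crypto-js identifiers.

// Flawed pattern from the description: the string "0." concatenated with an integer.
// Assumption: the integer is an unsigned 32-bit value.
function flawedFraction(u32) {
  return Number('0.' + u32);
}

// Uniform mapping of the same integer onto [0, 1): divide by 2^32.
function uniformFraction(u32) {
  return u32 / 0x100000000;
}

// Constructed input: 65536 integers spread evenly over the 32-bit range
// (k * 65537 for k = 0..65535), so the run is deterministic and offline.
function evenlySpacedU32() {
  const values = [];
  for (let k = 0; k < 65536; k++) values.push(k * 65537);
  return values;
}

// Share of inputs whose mapped fraction lands in [lo, hi).
function shareInRange(toFraction, inputs, lo, hi) {
  let hits = 0;
  for (const n of inputs) {
    const f = toFraction(n);
    if (f >= lo && f < hi) hits++;
  }
  return hits / inputs.length;
}

// Compare how much of the output mass each mapping puts in the lower
// and upper parts of the unit interval.
function biasReport() {
  const inputs = evenlySpacedU32();
  return {
    flawedLow: shareInRange(flawedFraction, inputs, 0.1, 0.5),
    uniformLow: shareInRange(uniformFraction, inputs, 0.1, 0.5),
    flawedHigh: shareInRange(flawedFraction, inputs, 0.5, 1),
    uniformHigh: shareInRange(uniformFraction, inputs, 0.5, 1),
  };
}

console.log(biasReport());
```

Under these assumptions the concatenation places roughly 87% of its outputs in [0.1, 0.5), where a uniform mapping places 40%, because most 32-bit integers have ten digits and begin with 1 through 4.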

Fix

Weakness Enumeration

Use of Insufficiently Random Values

Related Identifiers

CVE-2020-36732
GHSA-3W3W-PXMM-2W2J

Affected Products

Crypto-Js