Description
Eran Hammer cryptiles version 4.1.1 and earlier contains a CWE-331 (Insufficient Entropy) vulnerability in the randomDigits() method. As a result, an attacker is more likely to be able to brute-force a value that was supposed to be random. Whether and how this can be exploited depends on the calling application. This vulnerability appears to have been fixed in 4.1.2.
Remediation
References
https://github.com/hapijs/cryptiles/issues/34
https://github.com/hapijs/cryptiles/issues/35