Description

Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.

Remediation

References

https://github.com/hapijs/cryptiles/issues/34

https://github.com/hapijs/cryptiles/issues/35

Related Vulnerabilities

CVE-2015-20110 Vulnerability in npm package generator-jhipster

CVE-2021-28092 Vulnerability in maven package org.webjars.npm:is-svg

CVE-2021-26296 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

CVE-2017-6056 Vulnerability in maven package org.apache.tomcat:tomcat-coyote

CVE-2022-23945 Vulnerability in maven package org.apache.shenyu:shenyu-common

Severity

Critical

Classification

CWE-331 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Patch Third Party Advisory