Description
Eran Hammer cryptiles version 4.1.1 earlier contains a CWE-331: Insufficient Entropy vulnerability in randomDigits() method that can result in An attacker is more likely to be able to brute force something that was supposed to be random.. This attack appear to be exploitable via Depends upon the calling application.. This vulnerability appears to have been fixed in 4.1.2.
Remediation
References
https://github.com/hapijs/cryptiles/issues/34
https://github.com/hapijs/cryptiles/issues/35
Related Vulnerabilities
CVE-2020-36650 Vulnerability in npm package gry
CVE-2020-15123 Vulnerability in npm package codecov
CVE-2023-50732 Vulnerability in maven package org.xwiki.platform:xwiki-platform-index-tree-macro
CVE-2023-22621 Vulnerability in npm package @strapi/plugin-email
CVE-2023-45133 Vulnerability in maven package org.webjars.npm:babel__traverse