CVE-2020-36732

Published: Jun 12, 2023

Modified: Jan 6, 2025

PUBLISHED

Description

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472

https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b

https://github.com/brix/crypto-js/issues/254

https://github.com/brix/crypto-js/issues/256

https://github.com/brix/crypto-js/compare/3.2.0...3.2.1

https://security.netapp.com/advisory/ntap-20230706-0003/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2020-36732

Description

Affected Products

References