Moderate severityNVD Advisory· Published Jun 12, 2023· Updated Jan 6, 2025
CVE-2020-36732
CVE-2020-36732
Description
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
crypto-jsnpm | >= 3.2.0, < 3.2.1 | 3.2.1 |
Affected products
2- crypto-js/crypto-jsdescription
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-3w3w-pxmm-2w2jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-36732ghsaADVISORY
- github.com/brix/crypto-js/commit/b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5ghsaWEB
- github.com/brix/crypto-js/commit/e4ac157d8b75b962d6538fc0b996e5d4d5a9466bghsaWEB
- github.com/brix/crypto-js/compare/3.2.0...3.2.1ghsaWEB
- github.com/brix/crypto-js/issues/254ghsaWEB
- github.com/brix/crypto-js/issues/256ghsaWEB
- github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466bghsaWEB
- security.netapp.com/advisory/ntap-20230706-0003ghsaWEB
- security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472ghsaWEB
- security.netapp.com/advisory/ntap-20230706-0003/mitre
News mentions
0No linked articles in our index yet.