VYPR

npm package

crypto-js

pkg:npm/crypto-js

Vulnerabilities (2)

  • CVE-2023-46233Oct 25, 2023
    affected < 4.2.0fixed 4.2.0

    crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic h

  • CVE-2020-36732Jun 12, 2023
    affected >= 3.2.0, < 3.2.1fixed 3.2.1

    The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.