npm package
crypto-js
pkg:npm/crypto-js
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-46233 | — | | | < 4.2.0 | 4.2.0 | Oct 25, 2023 | crypto-js is a JavaScript library of crypto standards. Prior to version 4.2.0, crypto-js PBKDF2 is 1,000 times weaker than originally specified in 1993, and at least 1,300,000 times weaker than current industry standard. This is because it both defaults to SHA1, a cryptographic h |
| CVE-2020-36732 | — | | | >= 3.2.0, < 3.2.1 | 3.2.1 | Jun 12, 2023 | The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary. |