Sign In

CVE-2018-1000620

ADVISORY - github

Summary

Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits() method does not provide sufficient entropy and its generates digits that are not evenly distributed.

Recommendation

Upgrade to version 4.1.2. The package is deprecated and has been moved to @hapi/cryptiles and it is strongly recommended to use the maintained package.

EPSS Score: 0.00374 (0.584)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-331

Insufficient Entropy

ADVISORY - github

CWE-331

Insufficient Entropy

ADVISORY - gitlab

CWE-1035

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-331

Insufficient Entropy

CWE-937

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

ADVISORY - redhat

CWE-330

Use of Insufficiently Random Values

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2018-1000620
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-331

CVSS SCORE

9.8critical

GitHub

CREATED

UPDATED

ADVISORY IDGHSA-rq8g-5pc5-wrhr
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-331

CVSS SCORE

9.8critical

GitLab

CREATED

UPDATED

ADVISORY ID

CVE-2018-1000620

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-1035CWE-331CWE-937

CVSS SCORE

9.8critical

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2018-1000620
EXPLOITABILITY SCORE

2.2

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-330

CVSS SCORE

3.7medium