Insecure Random Number Generation in crypto-js Package for Node.js
CVE-2020-36732 · MEDIUM Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
Learn more about our Web Application Penetration Testing UK.