CVE-2017-16028 Medium Severity Vulnerability detected by WhiteSource #405
Labels
security vulnerability
Security vulnerability detected by WhiteSource
Comments
mend-bolt-for-github
bot
added
the
security vulnerability
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CVE-2017-16028 - Medium Severity Vulnerability
Generate randomized strings of a specified length, fast. Only the length is necessary, but you can optionally generate patterns using any combination of numeric, alpha-numeric, alphabetical, special or custom characters.
path: /infiniboard/dashy/node_modules/randomatic/package.json
Library home page: https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz
Dependency Hierarchy:
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
Publish Date: 2018-06-04
URL: CVE-2017-16028
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: Low
- Integrity Impact: None
- Availability Impact: None
For more information on CVSS3 Scores, click here.Type: Upgrade version
Origin: https://nodesecurity.io/advisories/157
Release Date: 2017-04-14
Fix Resolution: Update to version 3.0.0 or later.
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: