corenova-storm@0.1.8

Vulnerabilities

1 via 3 paths

Dependencies

7

Source

npm

Find, fix and prevent vulnerabilities in your code.

Severity
  • 1
Status
  • 1
  • 0
  • 0

medium severity

Insecure Randomness

  • Vulnerable module: node-uuid
  • Introduced through: stormdata@1.1.7 and stormregistry@1.1.8

Detailed paths

  • Introduced through: corenova-storm@0.1.8 stormdata@1.1.7 node-uuid@1.3.3
  • Introduced through: corenova-storm@0.1.8 stormregistry@1.1.8 node-uuid@1.3.3
  • Introduced through: corenova-storm@0.1.8 stormregistry@1.1.8 stormdata@1.1.7 node-uuid@1.3.3

Overview

node-uuid is a Simple, fast generation of RFC4122 UUIDS.

Affected versions of this package are vulnerable to Insecure Randomness. It uses the cryptographically insecure Math.random which can produce predictable values and should not be used in security-sensitive context.

Remediation

Upgrade node-uuid to version 1.4.4 or greater.

References