dredd@5.1.11

Vulnerabilities: 1 via 1 path
Dependencies: 261
Source: npm

medium severity

Insecure Randomness

  • Vulnerable module: cryptiles
  • Introduced through: request@2.86.0

Detailed paths

  • Introduced through: dredd@5.1.11 request@2.86.0 hawk@6.0.2 cryptiles@3.1.2
    Remediation: Upgrade to request@2.87.0.

Overview

cryptiles is a package for general crypto utilities.

Affected versions of this package are vulnerable to Insecure Randomness. The randomDigits() method is supposed to return a cryptographically strong pseudo-random string of digits, but its output was biased toward certain digits. An attacker may be able to guess the generated digits.

Remediation

Upgrade cryptiles to version 4.1.2 or higher.
