Insecure Randomness Affecting reveal.js package, versions <4.0.0
Snyk CVSS
Attack Complexity
High
Confidentiality
High
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-JS-REVEALJS-173730
- published 26 Feb 2019
- disclosed 30 Jan 2019
- credit albert-ziegler
How to fix?
Upgrade reveal.js
to version 4.0.0 or higher.
Overview
reveal.js is a framework for easily creating presentations using HTML.
Affected versions of this package are vulnerable to Insecure Randomness. Authorisation tokens are generated using math.random
which can be predicted.