CVE-2017-16028
UNKNOWN
Published 2018-06-04T19:00:00Z
Actions:
Expert Analysis
Professional remediation guidance
Get tailored security recommendations from our analyst team for CVE-2017-16028. We'll provide specific mitigation strategies based on your environment and risk profile.
No CVSS data available
Description
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
Available Exploits
No exploits available for this CVE.
Related News
No news articles found for this CVE.
Affected Products
Affected Versions:
GitHub Security Advisories
Community-driven vulnerability intelligence from GitHub
Advisory Details
Affected versions of `randomatic` generate random values using a cryptographically weak psuedo-random number generator. This may result in predictable values instead of random values as intended.
## Recommendation
Update to version 3.0.0 or later.
Affected Packages
npm
randomatic
ECOSYSTEM:
≥0
<3.0.0
CVSS Scoring
CVSS Score
5.0
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
References
Advisory provided by GitHub Security Advisory Database. Published: October 9, 2018, Modified: September 8, 2023
References
Published: 2018-06-04T19:00:00Z
Last Modified: 2024-09-17T02:06:18.622Z
Copied to clipboard!