CVE-2020-36732 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
crypto-js_project	crypto-js	𝑥 < 3.2.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

cryptojs

bionic	not-affected
focal	not-affected
jammy	not-affected
kinetic	not-affected
lunar	not-affected
trusty	dne
xenial	not-affected

Common Weakness Enumeration

CWE-330 - Use of Insufficiently Random Values
The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
CWE-331 - Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References

https://github.com/brix/crypto-js/compare/3.2.0...3.2.1

https://github.com/brix/crypto-js/issues/254

https://github.com/brix/crypto-js/issues/256

https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b

https://security.netapp.com/advisory/ntap-20230706-0003/

https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472

https://github.com/brix/crypto-js/compare/3.2.0...3.2.1

https://github.com/brix/crypto-js/issues/254

https://github.com/brix/crypto-js/issues/256

https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b

https://security.netapp.com/advisory/ntap-20230706-0003/

https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472