Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ej8z-tdd9-ubhg
Summary
crypto-js uses insecure random numbers
The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
Aliases
0
alias CVE-2020-36732
1
alias GHSA-3w3w-pxmm-2w2j
Fixed_packages
0
url pkg:npm/crypto-js@3.2.1
purl pkg:npm/crypto-js@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asxw-e1d3-ckau
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.2.1
Affected_packages
0
url pkg:npm/crypto-js@3.2.0
purl pkg:npm/crypto-js@3.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-asxw-e1d3-ckau
1
vulnerability VCID-ej8z-tdd9-ubhg
2
vulnerability VCID-grhg-jqy6-xff2
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.2.0
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-36732
reference_id
reference_type
scores
0
value 0.00821
scoring_system epss
scoring_elements 0.74364
published_at 2026-04-01T12:55:00Z
1
value 0.00821
scoring_system epss
scoring_elements 0.7437
published_at 2026-04-07T12:55:00Z
2
value 0.00821
scoring_system epss
scoring_elements 0.74395
published_at 2026-04-04T12:55:00Z
3
value 0.00821
scoring_system epss
scoring_elements 0.74368
published_at 2026-04-02T12:55:00Z
4
value 0.00876
scoring_system epss
scoring_elements 0.75331
published_at 2026-04-21T12:55:00Z
5
value 0.00876
scoring_system epss
scoring_elements 0.75296
published_at 2026-04-08T12:55:00Z
6
value 0.00876
scoring_system epss
scoring_elements 0.75307
published_at 2026-04-09T12:55:00Z
7
value 0.00876
scoring_system epss
scoring_elements 0.75327
published_at 2026-04-11T12:55:00Z
8
value 0.00876
scoring_system epss
scoring_elements 0.75305
published_at 2026-04-12T12:55:00Z
9
value 0.00876
scoring_system epss
scoring_elements 0.75294
published_at 2026-04-13T12:55:00Z
10
value 0.00876
scoring_system epss
scoring_elements 0.75334
published_at 2026-04-16T12:55:00Z
11
value 0.00876
scoring_system epss
scoring_elements 0.7534
published_at 2026-04-18T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-36732
1
reference_url https://github.com/brix/crypto-js
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/brix/crypto-js
2
reference_url https://github.com/brix/crypto-js/commit/b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/brix/crypto-js/commit/b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5
3
reference_url https://github.com/brix/crypto-js/commit/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/brix/crypto-js/commit/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b
4
reference_url https://github.com/brix/crypto-js/compare/3.2.0...3.2.1
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:45:07Z/
url https://github.com/brix/crypto-js/compare/3.2.0...3.2.1
5
reference_url https://github.com/brix/crypto-js/issues/254
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:45:07Z/
url https://github.com/brix/crypto-js/issues/254
6
reference_url https://github.com/brix/crypto-js/issues/256
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:45:07Z/
url https://github.com/brix/crypto-js/issues/256
7
reference_url https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:45:07Z/
url https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b
8
reference_url https://security.netapp.com/advisory/ntap-20230706-0003
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20230706-0003
9
reference_url https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:45:07Z/
url https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-36732
reference_id CVE-2020-36732
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-36732
11
reference_url https://github.com/advisories/GHSA-3w3w-pxmm-2w2j
reference_id GHSA-3w3w-pxmm-2w2j
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3w3w-pxmm-2w2j
12
reference_url https://security.netapp.com/advisory/ntap-20230706-0003/
reference_id ntap-20230706-0003
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-06T17:45:07Z/
url https://security.netapp.com/advisory/ntap-20230706-0003/
Weaknesses
0
cwe_id 330
name Use of Insufficiently Random Values
description The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
1
cwe_id 331
name Insufficient Entropy
description The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ej8z-tdd9-ubhg