Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-grhg-jqy6-xff2

Summary

Insufficient Entropy
An attacker is able to guess generated digits due to insufficient entropy.

Aliases

alias	GMS-2020-4

Fixed_packages

url pkg:npm/crypto-js@3.2.1

purl pkg:npm/crypto-js@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.2.1

url pkg:npm/crypto-js@4.0.0

purl pkg:npm/crypto-js@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@4.0.0

Affected_packages

url pkg:npm/crypto-js@3.1.2-1

purl pkg:npm/crypto-js@3.1.2-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-1

url pkg:npm/crypto-js@3.1.2-2

purl pkg:npm/crypto-js@3.1.2-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-2

url pkg:npm/crypto-js@3.1.2-3

purl pkg:npm/crypto-js@3.1.2-3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-3

url pkg:npm/crypto-js@3.1.2-4

purl pkg:npm/crypto-js@3.1.2-4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-4

url pkg:npm/crypto-js@3.1.2-5

purl pkg:npm/crypto-js@3.1.2-5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-5

url pkg:npm/crypto-js@3.1.2-6

purl pkg:npm/crypto-js@3.1.2-6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-6

url pkg:npm/crypto-js@3.1.2

purl pkg:npm/crypto-js@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2

url pkg:npm/crypto-js@3.1.4

purl pkg:npm/crypto-js@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.4

url pkg:npm/crypto-js@3.1.5

purl pkg:npm/crypto-js@3.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.5

url pkg:npm/crypto-js@3.1.6

purl pkg:npm/crypto-js@3.1.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.6

url pkg:npm/crypto-js@3.1.7

purl pkg:npm/crypto-js@3.1.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.7

url pkg:npm/crypto-js@3.1.8

purl pkg:npm/crypto-js@3.1.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.8

url pkg:npm/crypto-js@3.1.9-1

purl pkg:npm/crypto-js@3.1.9-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.9-1

url pkg:npm/crypto-js@3.2.0

purl pkg:npm/crypto-js@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-ej8z-tdd9-ubhg

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.2.0

url pkg:npm/crypto-js@3.3.0

purl pkg:npm/crypto-js@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-asxw-e1d3-ckau

vulnerability	VCID-grhg-jqy6-xff2

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.3.0

References

reference_url	https://github.com/brix/crypto-js/issues/256
reference_id
reference_type
scores
url	https://github.com/brix/crypto-js/issues/256

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	331
name	Insufficient Entropy
description	The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability 0.5

Weighted_severity 0.0

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-grhg-jqy6-xff2

Vulnerability Instance