{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52228?format=json","vulnerability_id":"VCID-hjvn-rwwm-qqh5","summary":"Insufficient Entropy\nAn attacker is able to guess generated digits due to insufficient entropy.","aliases":[{"alias":"GMS-2020-4"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65378?format=json","purl":"pkg:npm/crypto-js@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.2.1"},{"url":"http://public2.vulnerablecode.io/api/packages/76641?format=json","purl":"pkg:npm/crypto-js@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@4.0.0"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/248784?format=json","purl":"pkg:npm/crypto-js@3.1.2-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/248785?format=json","purl":"pkg:npm/crypto-js@3.1.2-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/248786?format=json","purl":"pkg:npm/crypto-js@3.1.2-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-3"},{"url":"http://public2.vulnerablecode.io/api/packages/248787?format=json","purl":"pkg:npm/crypto-js@3.1.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-4"},{"url":"http://public2.vulnerablecode.io/api/packages/248788?format=json","purl":"pkg:npm/crypto-js@3.1.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-5"},{"url":"http://public2.vulnerablecode.io/api/packages/248789?format=json","purl":"pkg:npm/crypto-js@3.1.2-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2-6"},{"url":"http://public2.vulnerablecode.io/api/packages/248790?format=json","purl":"pkg:npm/crypto-js@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.2"},{"url":"http://public2.vulnerablecode.io/api/packages/248791?format=json","purl":"pkg:npm/crypto-js@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/248792?format=json","purl":"pkg:npm/crypto-js@3.1.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.5"},{"url":"http://public2.vulnerablecode.io/api/packages/248793?format=json","purl":"pkg:npm/crypto-js@3.1.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.6"},{"url":"http://public2.vulnerablecode.io/api/packages/248794?format=json","purl":"pkg:npm/crypto-js@3.1.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.7"},{"url":"http://public2.vulnerablecode.io/api/packages/248795?format=json","purl":"pkg:npm/crypto-js@3.1.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.8"},{"url":"http://public2.vulnerablecode.io/api/packages/248796?format=json","purl":"pkg:npm/crypto-js@3.1.9-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.1.9-1"},{"url":"http://public2.vulnerablecode.io/api/packages/65377?format=json","purl":"pkg:npm/crypto-js@3.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-exb3-dpc1-pkh7"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.2.0"},{"url":"http://public2.vulnerablecode.io/api/packages/76640?format=json","purl":"pkg:npm/crypto-js@3.3.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3dub-eb23-3bc6"},{"vulnerability":"VCID-hjvn-rwwm-qqh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:npm/crypto-js@3.3.0"}],"references":[{"reference_url":"https://github.com/brix/crypto-js/issues/256","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/brix/crypto-js/issues/256"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":331,"name":"Insufficient Entropy","description":"The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.0","risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hjvn-rwwm-qqh5"}