Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxcWYtdnZjci03cXJ2
Cryptographically Weak PRNG in generate-password
Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords.
Recommendation
Update to version 1.4.1 or later.
Permalink: https://github.com/advisories/GHSA-6qqf-vvcr-7qrvJSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTZxcWYtdnZjci03cXJ2
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 5 years ago
Updated: almost 2 years ago
Identifiers: GHSA-6qqf-vvcr-7qrv
References:
- https://github.com/brendanashworth/generate-password/pull/26
- https://www.npmjs.com/advisories/762
- https://github.com/advisories/GHSA-6qqf-vvcr-7qrv
Blast Radius: 0.0
Affected Packages
npm:generate-password
Dependent packages: 308Dependent repositories: 2,851
Downloads: 1,464,265 last month
Affected Version Ranges: < 1.4.1
Fixed in: 1.4.1
All affected versions: 0.0.1, 0.0.2, 1.0.1, 1.0.2, 1.1.1, 1.2.0, 1.3.0, 1.4.0
All unaffected versions: 1.4.1, 1.4.2, 1.5.0, 1.5.1, 1.6.0, 1.6.1, 1.7.0, 1.7.1