Description
A bug in the pseudo-random number generator used by keypair versions up to and including 1.0.3 could allow for weak RSA key generation. This could enable an attacker to decrypt confidential messages or gain authorized access to an account belonging to the victim. We recommend replacing any RSA keys that were generated using keypair version 1.0.
Recommendation
Update the keypair package to the latest compatible version. The version details are as follows:
- Affected version(s): < 1.0.4
- Patched version(s): 1.0.4
Tags: npm, keypair
Last updated on February 01, 2023