Description
WS-2017-0107 - Medium Severity Vulnerability
Vulnerable Library - ws-1.1.1.tgz
simple to use, blazing fast and thoroughly tested websocket client, server and console for node.js, up-to-date against RFC-6455
path: /OSWaldito/node_modules/engine.io/node_modules/ws/package.json
Library home page: https://registry.npmjs.org/ws/-/ws-1.1.1.tgz
Dependency Hierarchy:
- ❌ ws-1.1.1.tgz (Vulnerable Library)
Vulnerability Details
Depending on the JavaScript engine, Math.random can be anywhere between extremely insecure and cryptographically pseudo-random.
Versions that use Math.random can produce predictable values and therefore should not be used.
Publish Date: 2016-09-20
URL: WS-2017-0107
Suggested Fix
Type: Change files
Origin: websockets/ws@7253f06
Release Date: 2016-11-25
Fix Resolution: Replace or update the following file: Sender.js