Insecure Randomness Affecting @fastly/js-compute package, versions >=0.4.0 <0.5.3


0.0
medium
  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JS-FASTLYJSCOMPUTE-3027822

  • published

    21 Sep 2022

  • disclosed

    20 Sep 2022

  • credit

    JakeChampion

How to fix?

Upgrade @fastly/js-compute to version 0.5.3 or higher.

Overview

@fastly/js-compute is a npm version npm downloads per month

Affected versions of this package are vulnerable to Insecure Randomness in the Math.random and crypto.getRandomValues methods.

References