Skip to content
This repository has been archived by the owner on Dec 15, 2018. It is now read-only.

randomatic #1

Closed
srepollock opened this issue Dec 5, 2018 · 1 comment
Closed

randomatic #1

srepollock opened this issue Dec 5, 2018 · 1 comment
Assignees
@srepollock
Labels
vulnerability npm vulnerability detected by GitHub

Comments

@srepollock
Copy link
Owner

Remediation

Upgrade randomatic to version 3.0.0 or later. For example:

"dependencies": {
"randomatic": ">=3.0.0"
}
or…
"devDependencies": {
"randomatic": ">=3.0.0"
}
Always verify the validity and compatibility of suggestions with your codebase.

Details

CVE-2017-16028 More information
low severity
Vulnerable versions: < 3.0.0
Patched version: 3.0.0
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).
@srepollock srepollock added the vulnerability npm vulnerability detected by GitHub label Dec 5, 2018
@srepollock srepollock self-assigned this Dec 5, 2018
srepollock added a commit that referenced this issue Dec 5, 2018
@srepollock
Fixing issue #1
1014048
@srepollock
Copy link
Owner Author

This issue has been addressed and closed in release v1.0.1

Thank you for the help 🐼

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@srepollock srepollock

Labels
vulnerability npm vulnerability detected by GitHub
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@srepollock