Nomenclature Processing Machine

npm

Severity: low

Insecure Entropy Source - Math.random()

node-uuid

Overview

Affected versions of node-uuid consistently fall back to using Math.random as an entropy source instead of crypto, which may result in guessable UUID's.

Remediation

Update to version 1.4.4 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Mar 28th, 2016
  2. reported

    Initial report by Fedot Praslov
    Mar 28th, 2016