CVE-2020-36732

The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.


We have discovered 2,370 live websites that are affected by CVE-2020-36732.

Contact us to get more info




Affected Software

Product  crypto-js
Category JavaScript Libraries
Vulnerable Domains2,370 live websites (13.16% of crypto-js install base)
Vulnerable Versions
  • from 0 before 3.2.1
Vulnerable Versions Count5 versions ( 31.25% of all versions)



Details

  • Published - Jun 12, 2023
  • Updated - Jan 6, 2025

CVE-2020-36732 usage by Country

United States1,406 websites



Korea, South199 websites
Netherlands74 websites
France66 websites
GB59 websites
India51 websites
Turkey50 websites
Russia37 websites
Singapore35 websites

CVE-2020-36732 usage by TLD

.com1,365 websites
.org79 websites
.io71 websites
.net60 websites
.com.br58 websites
.co.uk42 websites
.ca33 websites
.fi31 websites
.ru31 websites
.fr28 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2020-36732

Top websites that are affected by CVE-2020-36732. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
*********.fr United States**,***
************.com United States**,***
***********.com United States**,***
***********.fr France**,***
*******.**.********.com Australia**,***
****.***.com United States**,***
*******.com United States**,***
************.com United States**,***
*******.com China**,***
************.com United States**,***
See full domain list

FAQ

A total of 2,370 websites have been identified as vulnerable to CVE-2020-36732, discovered through global website indexing conducted by WebTechSurvey.
crypto-js is susceptible to CVE-2020-36732 vulnerability.
crypto-js versions before 3.2.1 are vulnerable to CVE-2020-36732.
Version 3.2.1 of crypto-js addresses the CVE-2020-36732 security vulnerability.