The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
We have discovered 2,370 live websites that are affected by CVE-2020-36732.
Product | crypto-js |
Category | JavaScript Libraries |
Vulnerable Domains | 2,370 live websites (13.16% of crypto-js install base) |
Vulnerable Versions |
|
Vulnerable Versions Count | 5 versions ( 31.25% of all versions) |
United States | 1,406 websites |
Korea, South | 199 websites |
Netherlands | 74 websites |
France | 66 websites |
GB | 59 websites |
India | 51 websites |
Turkey | 50 websites |
Russia | 37 websites |
Singapore | 35 websites |
.com | 1,365 websites |
.org | 79 websites |
.io | 71 websites |
.net | 60 websites |
.com.br | 58 websites |
.co.uk | 42 websites |
.ca | 33 websites |
.fi | 31 websites |
.ru | 31 websites |
.fr | 28 websites |
Domain | Country | Rank | Contacts |
---|---|---|---|
*********.fr | United States | **,*** | |
************.com | United States | **,*** | |
***********.com | United States | **,*** | |
***********.fr | France | **,*** | |
*******.**.********.com | Australia | **,*** | |
****.***.com | United States | **,*** | |
*******.com | United States | **,*** | |
************.com | United States | **,*** | |
*******.com | China | **,*** | |
************.com | United States | **,*** |
FAQ