CVE-2017-16028 (Medium) detected in randomatic-1.1.7.tgz

## CVE-2017-16028 - Medium Severity Vulnerability
<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/vulnerability_details.png' width=19 height=20> Vulnerable Library - randomatic-1.1.7.tgz</summary>

Generate randomized strings of a specified length, fast. Only the length is necessary, but you can optionally generate patterns using any combination of numeric, alpha-numeric, alphabetical, special or custom characters.
Library home page: <a href="https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz">https://registry.npmjs.org/randomatic/-/randomatic-1.1.7.tgz</a>
Path to dependency file: angular/integration/injectable-def/yarn.lock
Path to vulnerable library: angular/integration/injectable-def/yarn.lock,angular/aio/yarn.lock,angular/integration/hello_world__systemjs_umd/yarn.lock,angular/integration/cli-hello-world/yarn.lock,angular/integration/ng_update/yarn.lock,angular/integration/dynamic-compiler/yarn.lock,angular/integration/ng_elements/yarn.lock,angular/integration/hello_world__closure/yarn.lock,angular/integration/i18n/yarn.lock


Dependency Hierarchy:
 - lite-server-2.2.2.tgz (Root Library)
 - browser-sync-2.23.5.tgz
 - chokidar-1.7.0.tgz
 - anymatch-1.3.2.tgz
 - micromatch-2.3.11.tgz
 - braces-1.8.5.tgz
 - expand-range-1.8.2.tgz
 - fill-range-2.2.3.tgz
 - :x: **randomatic-1.1.7.tgz** (Vulnerable Library)
Found in HEAD commit: <a href="https://github.com/gate5/angular/commit/cf1f1c0344fa01406f61ff7437a72714be39b47e">cf1f1c0344fa01406f61ff7437a72714be39b47e</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/medium_vul.png' width=19 height=20> Vulnerability Details</summary>
 
 
react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

Publish Date: 2018-06-04
URL: <a href=https://vuln.whitesourcesoftware.com/vulnerability/CVE-2017-16028>CVE-2017-16028</a>

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/cvss3.png' width=19 height=20> CVSS 3 Score Details (5.3)</summary>


Base Score Metrics:
- Exploitability Metrics:
 - Attack Vector: Network
 - Attack Complexity: Low
 - Privileges Required: None
 - User Interaction: None
 - Scope: Unchanged
- Impact Metrics:
 - Confidentiality Impact: Low
 - Integrity Impact: None
 - Availability Impact: None

For more information on CVSS3 Scores, click <a href="https://www.first.org/cvss/calculator/3.0">here</a>.

</details>

<details><summary><img src='https://whitesource-resources.whitesourcesoftware.com/suggested_fix.png' width=19 height=20> Suggested Fix</summary>


Type: Upgrade version
Origin: <a href="https://www.npmjs.com/advisories/157/versions">https://www.npmjs.com/advisories/157/versions</a>
Release Date: 2018-06-04
Fix Resolution: 3.0.0


</details>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2017-16028 (Medium) detected in randomatic-1.1.7.tgz #185

CVE-2017-16028 - Medium Severity Vulnerability

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2017-16028 (Medium) detected in randomatic-1.1.7.tgz #185

Description

CVE-2017-16028 - Medium Severity Vulnerability

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions