Vulnerability Details CVE-2022-30782
Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 54.2%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random
- https://github.com/openmoney/openmoney-api/blob/1b836e5826dfd59145223a8a48e6c45ddb325762/api/helpers/util.helper.js#L6
- https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random
- https://github.com/openmoney/openmoney-api/blob/1b836e5826dfd59145223a8a48e6c45ddb325762/api/helpers/util.helper.js#L6
Products affected by CVE-2022-30782
-
cpe:2.3:a:openmoney_api_project:openmoney_api:*