New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security vulnerability in crypto-js@4.2.0 #467

Closed

syukronarie opened this issue Oct 25, 2023 · 1 comment

syukronarie commented Oct 25, 2023

Hi maintainers,

I am reporting a security vulnerability in crypto-js@4.2.0
Vulnerability type: Use of Weak Hash [High Severity]
Additional information: https://security.snyk.io/vuln/SNYK-JS-CRYPTOJS-6028119

Best regards,
Arie

Member

evanvosberg commented Oct 25, 2023

This is wrong, the vulnerability effects all versions prior 4.2.0

The vulnerability only effects usage of PBKDF2 and only if you use it with the weak default configuration.

evanvosberg closed this as completed

silvermind mentioned this issue

[BUG] update crypto-js to >= 4.2.0 thorswap/SwapKit#407

Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment