Publish GHSA-3w3w-pxmm-2w2j

advisory-database[bot] · advisory-database[bot] · commit 613c68b05cd3 · 2026-03-16T21:33:18.000Z
diff --git a/advisories/github-reviewed/2023/06/GHSA-3w3w-pxmm-2w2j/GHSA-3w3w-pxmm-2w2j.json b/advisories/github-reviewed/2023/06/GHSA-3w3w-pxmm-2w2j/GHSA-3w3w-pxmm-2w2j.json
@@ -1,13 +1,13 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-3w3w-pxmm-2w2j",
-  "modified": "2025-01-06T18:35:21Z",
+  "modified": "2026-03-16T21:31:59Z",
   "published": "2023-06-12T03:30:17Z",
   "aliases": [
     "CVE-2020-36732"
   ],
   "summary": "crypto-js uses insecure random numbers",
-  "details": "The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string \"0.\" with an integer, which makes the output more predictable than necessary.",
+  "details": "The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string \"0.\" with an integer, which makes the output more predictable than necessary.",
   "severity": [
     {
       "type": "CVSS_V3",
@@ -25,13 +25,16 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "3.2.0"
             },
             {
               "fixed": "3.2.1"
             }
           ]
         }
+      ],
+      "versions": [
+        "3.2.0"
       ]
     }
   ],
@@ -52,6 +55,10 @@
       "type": "WEB",
       "url": "https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/brix/crypto-js/commit/b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5"
+    },
     {
       "type": "WEB",
       "url": "https://github.com/brix/crypto-js/commit/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b"

Original file line number	Diff line number	Diff line change
`@@ -1,13 +1,13 @@`
`1`	`1`	`{`
`2`	`2`	`"schema_version": "1.4.0",`
`3`	`3`	`"id": "GHSA-3w3w-pxmm-2w2j",`
`4`		`- "modified": "2025-01-06T18:35:21Z",`
	`4`	`+ "modified": "2026-03-16T21:31:59Z",`
`5`	`5`	`"published": "2023-06-12T03:30:17Z",`
`6`	`6`	`"aliases": [`
`7`	`7`	`"CVE-2020-36732"`
`8`	`8`	`],`
`9`	`9`	`"summary": "crypto-js uses insecure random numbers",`
`10`		`- "details": "The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string \"0.\" with an integer, which makes the output more predictable than necessary.",`
	`10`	`+ "details": "The crypto-js package 3.2.0 for Node.js generates random numbers by concatenating the string \"0.\" with an integer, which makes the output more predictable than necessary.",`
`11`	`11`	`"severity": [`
`12`	`12`	`{`
`13`	`13`	`"type": "CVSS_V3",`
`@@ -25,13 +25,16 @@`
`25`	`25`	`"type": "ECOSYSTEM",`
`26`	`26`	`"events": [`
`27`	`27`	`{`
`28`		`- "introduced": "0"`
	`28`	`+ "introduced": "3.2.0"`
`29`	`29`	`},`
`30`	`30`	`{`
`31`	`31`	`"fixed": "3.2.1"`
`32`	`32`	`}`
`33`	`33`	`]`
`34`	`34`	`}`
	`35`	`+ ],`
	`36`	`+ "versions": [`
	`37`	`+ "3.2.0"`
`35`	`38`	`]`
`36`	`39`	`}`
`37`	`40`	`],`
`@@ -52,6 +55,10 @@`
`52`	`55`	`"type": "WEB",`
`53`	`56`	`"url": "https://github.com/brix/crypto-js/pull/257/commits/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b"`
`54`	`57`	`},`
	`58`	`+ {`
	`59`	`+ "type": "WEB",`
	`60`	`+ "url": "https://github.com/brix/crypto-js/commit/b405ff597fb3ac76a7bdfbc72dca10ba1079b1d5"`
	`61`	`+ },`
`55`	`62`	`{`
`56`	`63`	`"type": "WEB",`
`57`	`64`	`"url": "https://github.com/brix/crypto-js/commit/e4ac157d8b75b962d6538fc0b996e5d4d5a9466b"`