CVE-2017-16028

EPSS 1.4%CWE-330

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

Affected products

HackerOne · react-native-meteor-oauth node module

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/tableflip/react-native-meteor-oauth/blob/a7eb738b74c469f5db20296b44b7cae4e2337435/src/meteor-oauth.js#L66 https://nodesecurity.io/advisories/157