CVE-2022-30782

CVE-2022-30782

EPSS 1.0%

Openmoney API through 2020-06-29 uses the JavaScript Math.random function, which does not provide cryptographically secure random numbers.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random https://github.com/openmoney/openmoney-api/blob/1b836e5826dfd59145223a8a48e6c45ddb325762/api/helpers/util.helper.js#L6