CVE-2021-41117

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG) in npm/keypair

Identifiers

CVE-2021-41117, GHSA-3f99-hvg4-qjwj

Package Slug

npm/keypair

Vulnerability

Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)

Description

An issue was discovered where this library was generating identical RSA keys used in SSH.

Affected Versions

All versions before 1.0.4

Solution

Upgrade to version 1.0.4 or above.

Last Modified

2021-10-22

source