GHSA-6x93-h9g3-9phr, CVE-2021-23451
npm/otp-generator
Use of Insufficiently Random Values
The package otp-generator before 3.0.0 is vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.
All versions before 3.0.0
Upgrade to version 3.0.0 or above.
2022-08-09
source |