CVE-2021-23451: Use of Insufficiently Random Values
(updated )
The package otp-generator before 3.0.0 is vulnerable to Insecure Randomness due to insecure generation of random one-time passwords, which may allow a brute-force attack.
References
Detect and mitigate CVE-2021-23451 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →