GMS-2019-28: Cryptographically Weak PRNG in generate-password

May 23, 2019 (updated August 4, 2021)

Affected versions of generate-password generate random values that are biased towards certain characters depending on the chosen character sets. This may result in guessable passwords. Update to or later.

References

github.com/advisories/GHSA-6qqf-vvcr-7qrv
github.com/brendanashworth/generate-password/pull/26
www.npmjs.com/advisories/762

Code Behaviors & Features

Detect and mitigate GMS-2019-28 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →