CVE-2017-16028

Summary

react-native-meteor-oauth is a library for Oauth2 login to a Meteor server in React Native. The oauth Random Token is generated using a non-cryptographically strong RNG (Math.random()).

Affected Software

VendorProductVersion RangeStatus
HackerOnereact-native-meteor-oauth node moduleAll versionsaffected

Weaknesses

  • CWE-330: Use of Insufficiently Random Values (CWE-330)

ADP Enrichment

CVE Program Container

Additional References

References