Authors: Created by IBM

A vulnerability in crypto.js library affects IBM WebSphere Application Server Liberty with the openidConnectServer-1.0 feature enabled. CVEID:  CVE-2020-36732^[1]
DESCRIPTION:  The crypto-js package before 3.2.1 for Node.js generates random numbers by concatenating the string "0." with an integer, which makes the output more predictable than necessary.
CWE:  CWE-330:Use of Insufficiently Random Values^[2]
...

Just published by IBM: Read more