Affected versions of this package are vulnerable to Insecure Randomness. The secureRandom() method is supposed to return a cryptographically strong pseudo-random data string, but its output is biased toward certain digits. An attacker may be able to guess the generated digits.
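A digit-frequency check makes this kind of bias measurable. The following is an added example, not code from crypto-js or from the advisory: it runs a chi-square test on the first decimal digit of values in [0, 1). The advisory does not say how the bias arises, so `decimalPaste` is a hypothetical biased mapping chosen for illustration; `uint32Sweep`, `scaled`, `digitChiSquare` and `compare` are likewise names made up here.

```javascript
// Added example: chi-square test for digit bias in a generator of [0, 1) values.
const CHI2_CRITICAL = 27.877; // chi-square, 9 degrees of freedom, p = 0.001

// Constructed input: an evenly spaced sweep of the uint32 range, standing in
// for the output of an ideal 32-bit source so that the run is reproducible.
function uint32Sweep(n) {
  const out = new Array(n);
  for (let i = 0; i < n; i++) out[i] = Math.floor((i * 2 ** 32) / n);
  return out;
}

// Hypothetical biased mapping (assumption, not crypto-js source): pasting the
// decimal digits of a uint32 after "0." skews the leading digit, because most
// uint32 values have ten digits and those start with 1, 2, 3 or 4.
function decimalPaste(u) {
  return Number('0.' + u);
}

// Sound mapping: scale the integer into [0, 1).
function scaled(u) {
  return u / 2 ** 32;
}

// Count the first decimal digit of each value and compare against a uniform
// expectation of n/10 per digit.
function digitChiSquare(values) {
  const counts = new Array(10).fill(0);
  for (const x of values) counts[Math.floor(x * 10)]++;
  const expected = values.length / 10;
  const chi2 = counts.reduce((s, c) => s + (c - expected) ** 2 / expected, 0);
  return { counts, chi2, biased: chi2 > CHI2_CRITICAL };
}

// Run both mappings over the same input words.
function compare(n) {
  const words = uint32Sweep(n);
  return {
    pasted: digitChiSquare(words.map(decimalPaste)),
    scaled: digitChiSquare(words.map(scaled)),
  };
}

const report = compare(100000);
for (const [name, r] of Object.entries(report)) {
  console.log(name, r.counts.join(' '), 'chi2 =', r.chi2.toFixed(2), 'biased =', r.biased);
}
```

To test a real generator, pass an array of its outputs to `digitChiSquare` instead of the constructed sweep.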
Remediation
Upgrade crypto-js to version 3.2.1 or higher.
https://app.snyk.io/vuln/SNYK-JS-CRYPTOJS-548472 Insecure Randomness affecting crypto-js package, versions <3.2.1