Company
Date Published
Author
Jamie Smith
Word count
1509
Language
English
Hacker News points
None

Summary

A "Use of Weak Hash" vulnerability in crypto-js and crypto-es, two open-source JavaScript libraries implementing cryptographic standards, has been made public. The vulnerability, identified by security researcher Zemnmez, affects all previous versions of both libraries because of insecure defaults in the PBKDF2 (Algo) class: it uses the insecure SHA1 hash and a very low iteration count of 1, so passwords derived with the default parameters are exposed to brute-force attacks. New versions of crypto-es have been released to address the issue; crypto-js has a fix available but is not actively maintained, so users should consider alternative libraries. To prepare for remediation, users can use Snyk to quickly find impacted projects and container images: navigate to the Dependencies view, expand the filter, type "crypto-js" or "crypto-es", select individual versions or tick the Select all shortcut, and then click outside the filter. Snyk Advisor can help gauge the health of packages, and users should keep an eye on improvements to the primary project or its ecosystem. Vulnerabilities can be detected using Snyk's CLI, SCM integrations, reporting, or insights, and fixes prioritized using the Risk Score. To fix vulnerabilities in open source dependencies or container base images, users can update the base image to a newer tag in which the vulnerability is fixed, or explicitly specify the iterations parameter (and a strong hasher) when calling PBKDF2.