Is CryptoJS vulnerable to the OpenSSL Heartbleed bug?
We are using CryptoJS in our application. Since CryptoJS uses OpenSSL, are we vulnerable to the Heartbleed bug? If yes, what can we do to prevent it?
Since 'crypto.js' uses open SSL ,are we vulnerable to heartbleeding attack?
The heartbleed attack is connected to "handling of the Transport Layer Security (TLS) heartbeat extension".
So, heartbleed attack is possible only if crypto.js has TLS / SSL server or client; and you are using its as TLS / SSL server or client.
If you don't use TLS from it, (or if the library has no tls/ssl client as it looks like to be - can't find TLS in sources) - you are not vulnerable to heartbleed.
If yes,what can we do to prevent it?
Update your system's OpenSSL library; Check the servers and clients which are connecting to you for heartbleed vulnerability.