A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1954376 | Issue Tracking Third Party Advisory |
https://github.com/satori/go.uuid/issues/73 | Third Party Advisory |
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488 | Third Party Advisory |
Configurations
History
11 Oct 2024, 15:23
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:satori:uuid:-:*:*:*:*:go:*:* | |
First Time |
Satori uuid
Satori |
Information
Published : 2021-06-02 14:15
Updated : 2024-10-11 15:23
NVD link : CVE-2021-3538
Mitre link : CVE-2021-3538
CVE.ORG link : CVE-2021-3538
JSON object : View
Products Affected
satori
- uuid
CWE
CWE-338
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)