CVE-2021-3538

CRITICAL

github.com/satori/go.uuid - Info Disclosure

Title source: llm
STIX 2.1

Description

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

References (3)

Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1954376
Third Party Advisory x_refsource_misc
https://github.com/satori/go.uuid/issues/73
Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488

Scores

CVSS v3 9.8
EPSS 0.0231
EPSS Percentile 81.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-338
Status published
Products (2)
satori/go.uuid 1.2.1-0.20180103161547-0ef6afb2f6cd - 1.2.1-0.20180404165556-75cca531ea76Go
satori/uuid
Published Jun 02, 2021
Tracked Since Feb 18, 2026