CVE-2021-3538

CRITICAL

github.com/satori/go.uuid - Info Disclosure

Title source: llm

Description

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

References (3)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=1954376

[Third Party Advisory] https://github.com/satori/go.uuid/issues/73

[Third Party Advisory] https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488

Scores

CVSS v3 9.8

EPSS 0.0093

EPSS Percentile 76.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-338

Status published

Products (2)

satori/go.uuid 1.2.1-0.20180103161547-0ef6afb2f6cd - 1.2.1-0.20180404165556-75cca531ea76Go

satori/uuid

Published Jun 02, 2021

Tracked Since Feb 18, 2026