Skip to content
This repository has been archived by the owner on May 22, 2024. It is now read-only.

github.com/satori/go.uuid-v1.2.0: 1 vulnerabilities (highest severity is: 9.8) - autoclosed #66

Closed
mend-for-github-com bot opened this issue Mar 19, 2022 · 1 comment
Labels
Mend: dependency security vulnerability Security vulnerability detected by WhiteSource

Comments

@mend-for-github-com
Copy link

Vulnerable Library - github.com/satori/go.uuid-v1.2.0

UUID package for Go

Vulnerabilities

CVE Severity CVSS Dependency Type Fixed in Remediation Available
CVE-2021-3538 High 9.8 github.com/satori/go.uuid-v1.2.0 Direct github.com/satori/go.uuid - 75cca531ea763666bc46e531da3b4c3b95f64557

Details

CVE-2021-3538

Vulnerable Library - github.com/satori/go.uuid-v1.2.0

UUID package for Go

Dependency Hierarchy:

  • github.com/satori/go.uuid-v1.2.0 (Vulnerable Library)

Found in base branch: improbable

Vulnerability Details

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

Publish Date: 2021-06-02

URL: CVE-2021-3538

CVSS 3 Score Details (9.8)

Base Score Metrics:

  • Exploitability Metrics:
    • Attack Vector: Network
    • Attack Complexity: Low
    • Privileges Required: None
    • User Interaction: None
    • Scope: Unchanged
  • Impact Metrics:
    • Confidentiality Impact: High
    • Integrity Impact: High
    • Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: satori/go.uuid#75

Release Date: 2021-06-02

Fix Resolution: github.com/satori/go.uuid - 75cca531ea763666bc46e531da3b4c3b95f64557

@mend-for-github-com mend-for-github-com bot added the Mend: dependency security vulnerability Security vulnerability detected by WhiteSource label Mar 19, 2022
@mend-for-github-com
Copy link
Author

✔️ This issue was automatically closed by WhiteSource because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the WhiteSource inventory.

@mend-for-github-com mend-for-github-com bot changed the title github.com/satori/go.uuid-v1.2.0: 1 vulnerabilities (highest severity is: 9.8) github.com/satori/go.uuid-v1.2.0: 1 vulnerabilities (highest severity is: 9.8) - autoclosed Mar 20, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Mend: dependency security vulnerability Security vulnerability detected by WhiteSource
Projects
None yet
Development

No branches or pull requests

0 participants