-
Notifications
You must be signed in to change notification settings - Fork 601
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
IMPORTANT: Unresolved CVE on latest release (CVE-2021-3538 ) #115
Comments
picatz
added a commit
to hashicorp/packer-plugin-azure
that referenced
this issue
Jul 9, 2021
The previously used version included a vulnerable dependency related to satori/go.uuid#115 and Azure/azure-sdk-for-go#3158
azr
pushed a commit
to hashicorp/packer-plugin-azure
that referenced
this issue
Jul 13, 2021
The previously used version included a vulnerable dependency related to satori/go.uuid#115 and Azure/azure-sdk-for-go#3158
s7v7nislands
pushed a commit
to s7v7nislands/bytebase
that referenced
this issue
Jul 13, 2021
IMPORTANT: Unresolved CVE on latest release (CVE-2021-3538 ) satori/go.uuid#115 Add deprecation notice in favor of github.com/gofrs/uuid and archive this repo satori/go.uuid#84 more issues: https://github.com/satori/go.uuid/issues/ use github.com/google/uuid, which is more active
12 tasks
2 tasks
The fork This organization has nothing to do with gofrs in github. I just want to urge them to support go module asap. |
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A CVE has been filed for a 3 year old defect that is fixed on master but has never been tagged and released. With this defect, periodically the UUID V4s will contain mostly 0's.
https://github.com/gofrs/uuid is a maintained fork that addresses this problem and is actively maintained.
#73
The text was updated successfully, but these errors were encountered: