Vulnerability Report: GO-2022-0244
- CVE-2021-3538, GHSA-33m6-q9v5-62r7
- Affects: github.com/satori/go.uuid
- Published: Jul 15, 2022
- Modified: May 20, 2024
Random data used to create UUIDs can contain zeros, resulting in predictable UUIDs and possible collisions.
Affected Packages
-
PathGo VersionsSymbols
-
from v1.2.1-0.20180103161547-0ef6afb2f6cd before v1.2.1-0.20180404165556-75cca531ea76
Aliases
References
- https://github.com/satori/go.uuid/pull/75
- https://github.com/satori/go.uuid/commit/75cca531ea763666bc46e531da3b4c3b95f64557
- https://github.com/satori/go.uuid/issues/73
- https://vuln.go.dev/ID/GO-2022-0244.json
Credits
- @josselin-c
Feedback
See anything missing or incorrect?
Suggest an edit to this report.