Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

github.com/satori/go.uuid: CVE-2021-3538 #1996

Closed
github-actions bot opened this issue Apr 15, 2022 · 1 comment
Closed

github.com/satori/go.uuid: CVE-2021-3538 #1996

github-actions bot opened this issue Apr 15, 2022 · 1 comment
Assignees
@knqyf263
Labels
kind/security Categorizes issue or PR as related to Trivy's own security or internal vulnerabilities.

Comments

@github-actions
Copy link

Title

satori/go.uuid: predictable UUIDs generated via insecure randomness

Description

A flaw was found in github.com/satori/go.uuid in versions from commit 0ef6afb2f6cdd6cdaeee3885a95099c63f18fc8c to d91630c8510268e75203009fe7daf2b8e1d60c45. Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.

Severity

CRITICAL

Primary URL

https://avd.aquasec.com/nvd/cve-2021-3538

References
@knqyf263
Copy link
Collaborator

Fixed

@knqyf263 knqyf263 added kind/security Categorizes issue or PR as related to Trivy's own security or internal vulnerabilities. and removed vulnerability labels Jun 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@knqyf263 knqyf263

Labels
kind/security Categorizes issue or PR as related to Trivy's own security or internal vulnerabilities.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@knqyf263