Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

IMPORTANT: Unresolved CVE on latest release (CVE-2021-3538 ) #115

Open
cameracker opened this issue May 6, 2021 · 1 comment
Open

IMPORTANT: Unresolved CVE on latest release (CVE-2021-3538 ) #115

cameracker opened this issue May 6, 2021 · 1 comment

Comments

@cameracker
Copy link

cameracker commented May 6, 2021
edited
Loading

A CVE has been filed for a 3 year old defect that is fixed on master but has never been tagged and released. With this defect, periodically the UUID V4s will contain mostly 0's.

https://github.com/gofrs/uuid is a maintained fork that addresses this problem and is actively maintained.

#73
@alfrunes alfrunes mentioned this issue Jun 30, 2021
Merged
picatz added a commit to hashicorp/packer-plugin-azure that referenced this issue Jul 9, 2021
@picatz
Bump github.com/Azure/azure-sdk-for-go to v53.0.0
e0c0fa4 
The previously used version included a vulnerable dependency related to satori/go.uuid#115 and Azure/azure-sdk-for-go#3158
@picatz picatz mentioned this issue Jul 9, 2021
Merged
@jgimenez jgimenez mentioned this issue Jul 12, 2021
Closed
azr pushed a commit to hashicorp/packer-plugin-azure that referenced this issue Jul 13, 2021
@picatz
Bump github.com/Azure/azure-sdk-for-go to v53.0.0 (#117)
9e201cb 
The previously used version included a vulnerable dependency related to satori/go.uuid#115 and Azure/azure-sdk-for-go#3158
s7v7nislands pushed a commit to s7v7nislands/bytebase that referenced this issue Jul 13, 2021
Replace unmaintained uuid package
3a311ea 
IMPORTANT: Unresolved CVE on latest release (CVE-2021-3538 )
satori/go.uuid#115
Add deprecation notice in favor of github.com/gofrs/uuid and archive
this repo
satori/go.uuid#84
more issues: https://github.com/satori/go.uuid/issues/

use github.com/google/uuid, which is more active
@s7v7nislands s7v7nislands mentioned this issue Jul 13, 2021
Merged
@nywilken nywilken mentioned this issue Jul 21, 2021
Merged
@Technerder Technerder mentioned this issue Jul 26, 2021
Open
@skythet skythet mentioned this issue Aug 15, 2021
Merged
@lvrach lvrach mentioned this issue Oct 25, 2021
Merged
@ornxka ornxka mentioned this issue Oct 25, 2021
Closed
12 tasks
@KN4CK3R KN4CK3R mentioned this issue Jan 15, 2022
Closed
@PushkarJ PushkarJ mentioned this issue Jan 24, 2022
Closed
2 tasks
@FlyingOnion
Copy link

The fork github.com/gofrs/uuid does not support go module, so I cherry-pick it to my gitee repo https://gitee.com/gofrs/uuid. Package main page: https://pkg.go.dev/gitee.com/gofrs/uuid/v4

This organization has nothing to do with gofrs in github. I just want to urge them to support go module asap.

@dronnix dronnix mentioned this issue Apr 9, 2022
Merged
@vincentni vincentni mentioned this issue Jun 20, 2022
Closed
5 tasks
@tooolbox tooolbox mentioned this issue Sep 22, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cameracker @FlyingOnion