Insecure Randomness

Affecting github.com/satori/go.uuid package, versions =1.2.0

high severity

Overview

github.com/satori/go.uuid provides a pure Go implementation of Universally Unique Identifier (UUID).

Affected versions of this package are vulnerable to Insecure Randomness: they produce predictable UUIDs because of the limited number of bytes read when using the g.rand.Read function.

Disclosure Timeline

Remediation

A fix was merged into the master branch but has not yet been published.

References

Credit: josselin-c
CWE: CWE-338
Snyk ID: SNYK-GOLANG-GITHUBCOMSATORIGOUUID-72488
Disclosed: 23 Mar, 2018
Published: 24 Oct, 2018