Affecting github.com/satori/go.uuid package, versions =1.2.0
github.com/satori/go.uuid provides pure Go implementation of Universally Unique Identifier (UUID).
Affected versions of this package are vulnerable to Insecure Randomness producing predictable
UUID identifiers due to the limited number of bytes read when using the
- Jun 3th, 2018 - The vulnerability introduced by replacing the function
rand.Read()with the function
- Mar 23th, 2018- An issue was reported.
- Oct 16th, 2018 Issue fixed
A fix was merged into the master branch but not yet published.
Do your applications use this vulnerable package?
- Snyk ID
- 23 Mar, 2018
- 24 Oct, 2018