packages:
  - module: github.com/Masterminds/goutils
    symbols:
      - RandomAlphaNumeric
      - CryptoRandomAlphaNumeric
    versions:
      - fixed: 1.1.1
    vulnerable_at: 1.1.0
description: |
  Randomly-generated alphanumeric strings contain significantly less entropy
  than expected.
  The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
  strings containing at least one digit from 0 to 9. This significantly
  reduces the amount of entropy in short strings generated by these functions.
ghsas:
  - GHSA-xg2h-wx96-xgxr
cve_metadata:
  id: CVE-2021-4238
  cwe: "CWE 330: Use of Insufficiently Random Values"
links:
  commit: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1