data/reports/GO-2022-0411.yaml - vulndb - Git at Google

 modules:
   - module: github.com/Masterminds/goutils
     versions:
       - fixed: 1.1.1
     vulnerable_at: 1.1.0
     packages:
       - package: github.com/Masterminds/goutils
         symbols:
           - RandomAlphaNumeric
           - CryptoRandomAlphaNumeric
 description: |
     Randomly-generated alphanumeric strings contain significantly less entropy
     than expected.

     The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
     strings containing at least one digit from 0 to 9. This significantly
     reduces the amount of entropy in short strings generated by these functions.
 published: 2022-07-01T20:08:24Z
 ghsas:
   - GHSA-3839-6r69-m497
   - GHSA-xg2h-wx96-xgxr
 references:
   - fix: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
 cve_metadata:
     id: CVE-2021-4238
     cwe: 'CWE 330: Use of Insufficiently Random Values'
	modules:
	- module: github.com/Masterminds/goutils
	versions:
	- fixed: 1.1.1
	vulnerable_at: 1.1.0
	packages:
	- package: github.com/Masterminds/goutils
	symbols:
	- RandomAlphaNumeric
	- CryptoRandomAlphaNumeric
	description: \|
	Randomly-generated alphanumeric strings contain significantly less entropy
	than expected.

	The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
	strings containing at least one digit from 0 to 9. This significantly
	reduces the amount of entropy in short strings generated by these functions.
	published: 2022-07-01T20:08:24Z
	ghsas:
	- GHSA-3839-6r69-m497
	- GHSA-xg2h-wx96-xgxr
	references:
	- fix: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
	cve_metadata:
	id: CVE-2021-4238
	cwe: 'CWE 330: Use of Insufficiently Random Values'