id: GO-2022-0411
modules:
    - module: github.com/Masterminds/goutils
      versions:
        - fixed: 1.1.1
      vulnerable_at: 1.1.0
      packages:
        - package: github.com/Masterminds/goutils
          symbols:
            - RandomAlphaNumeric
            - CryptoRandomAlphaNumeric
summary: Insufficient randomness in github.com/Masterminds/goutils
description: |-
    Randomly-generated alphanumeric strings contain significantly less entropy than
    expected.

    The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return
    strings containing at least one digit from 0 to 9. This significantly reduces
    the amount of entropy in short strings generated by these functions.
published: 2022-07-01T20:08:24Z
ghsas:
    - GHSA-3839-6r69-m497
    - GHSA-xg2h-wx96-xgxr
references:
    - fix: https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
cve_metadata:
    id: CVE-2021-4238
    cwe: 'CWE 330: Use of Insufficiently Random Values'
review_status: REVIEWED