| packages: |
| - module: github.com/satori/go.uuid |
| symbols: |
| - NewV4 |
| - rfc4122Generator.getClockSequence |
| - rfc4122Generator.getHardwareAddr |
| derived_symbols: |
| - NewV1 |
| - NewV2 |
| - init |
| - safeRandom |
| versions: |
| - fixed: 1.2.1-0.20181016170032-d91630c85102 |
| description: | |
| UUIDs generated using NewV1 and NewV4 may not read the expected |
| number of random bytes. These UUIDs may contain a significantly smaller |
| amount of entropy than expected, possibly leading to collisions. |
| published: 2021-04-14T20:04:52Z |
| cves: |
| - CVE-2021-3538 |
| credit: '@josselin-c' |
| links: |
| pr: https://github.com/satori/go.uuid/pull/75 |
| commit: https://github.com/satori/go.uuid/commit/d91630c8510268e75203009fe7daf2b8e1d60c45 |
| context: |
| - https://github.com/satori/go.uuid/issues/73 |