CVE-2015-8851

Опубликовано: 30 янв. 2020

Источник: debian

EPSS Низкий

Описание

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-uuid	fixed	1.4.7-1		package

Примечания

https://github.com/broofa/node-uuid/issues/108
https://github.com/broofa/node-uuid/issues/118
https://github.com/broofa/node-uuid/issues/122
https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
nodejs not covered by security support

EPSS

Процентиль: 65%

0.00477

Низкий

Связанные уязвимости

CVE-2015-8851

CVSS3: 7.5

ubuntu

около 6 лет назад

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CVE-2015-8851

redhat

около 10 лет назад

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CVE-2015-8851

CVSS3: 7.5

nvd

около 6 лет назад

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

GHSA-265q-28rp-chq5

CVSS3: 7.5

github

почти 6 лет назад

Insecure Entropy Source - Math.random() in node-uuid

EPSS

Процентиль: 65%

0.00477

Низкий