GHSA-3839-6r69-m497

Опубликовано: 28 дек. 2022

Источник: github

Github: Прошло ревью

CVSS3: 9.1

Описание

Duplicate Advisory: GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-xg2h-wx96-xgxr. This link is maintained to preserve external references.

Original Description

Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.

Ссылки

https://nvd.nist.gov/vuln/detail/CVE-2021-4238
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
https://pkg.go.dev/vuln/GO-2022-0411

Пакеты

Наименование

github.com/Masterminds/goutils

Затронутые версииВерсия исправления

< 1.1.1

1.1.1

9.1 Critical

CVSS3

Дефекты

CWE-331

9.1 Critical

CVSS3

Дефекты

CWE-331