CVE-2015-8851

Опубликовано: 30 янв. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

Ссылки

http://www.openwall.com/lists/oss-security/2016/04/13/8
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1327056
Issue Tracking
Patch
Third Party Advisory
https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
Patch
https://nodesecurity.io/advisories/93
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/04/13/8
Mailing List
Patch
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1327056
Issue Tracking
Patch
Third Party Advisory
https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
Patch
https://nodesecurity.io/advisories/93
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:node-uuid_project:node-uuid:*:*:*:*:*:node.js:*:*

Версия до 1.4.4 (исключая)

EPSS

Процентиль: 64%

0.00477

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-331

Связанные уязвимости

CVE-2015-8851

CVSS3: 7.5

ubuntu

около 6 лет назад

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CVE-2015-8851

redhat

почти 10 лет назад

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

CVE-2015-8851

CVSS3: 7.5

debian

около 6 лет назад

node-uuid before 1.4.4 uses insufficiently random data to create a GUI ...

GHSA-265q-28rp-chq5

CVSS3: 7.5

github

почти 6 лет назад

Insecure Entropy Source - Math.random() in node-uuid

EPSS

Процентиль: 64%

0.00477

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-331