Описание
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
Уязвимые конфигурации
Конфигурация 1Версия до 1.2.0 (включая)
Одно из
cpe:2.3:a:gofiber:utils:*:*:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta1:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta10:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta11:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta12:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta13:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta14:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta2:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta3:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta4:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta5:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta6:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta7:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta8:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:beta9:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:rc1:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:rc2:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:rc3:*:*:*:go:*:*
cpe:2.3:a:gofiber:utils:2.0.0:rc4:*:*:*:go:*:*
EPSS
Процентиль: 20%
0.00065
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-252
CWE-252
Связанные уязвимости
github
2 месяца назад
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
EPSS
Процентиль: 20%
0.00065
Низкий
9.8 Critical
CVSS3
Дефекты
CWE-252
CWE-252