Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
GoUtils's randomly-generated alphanumeric strings contain significantly less entropy than expected
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zODM5LTZyNjktbTQ5N84AAwoN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 2 years ago
Updated: 8 months ago
CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Percentage: 0.00209
EPSS Percentile: 0.58528
Identifiers: GHSA-3839-6r69-m497, CVE-2021-4238
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-4238
- https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
- https://pkg.go.dev/vuln/GO-2022-0411
- https://github.com/advisories/GHSA-3839-6r69-m497
Blast Radius: 39.0
Affected Packages
go:github.com/Masterminds/goutils
Dependent packages: 6,878Dependent repositories: 19,393
Downloads:
Affected Version Ranges: < 1.1.1
Fixed in: 1.1.1
All affected versions: 1.0.1, 1.1.0
All unaffected versions: 1.1.1