We found results for “”
CVE-2024-22194
Good to know:
Date: January 10, 2024
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
Language: Python
Severity Score
Related Resources (16)
Severity Score
Weakness Type (CWE)
Top Fix
Upgrade Version
Upgrade to version case-utils - 0.5.1,0.6.1,0.7.1,0.8.1,0.9.1,0.10.1,0.11.1,0.12.1,0.13.1,0.14.1, cdo-local-uuid - 0.5.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | LOCAL |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | REQUIRED |
Scope (S): | UNCHANGED |
Confidentiality (C): | LOW |
Integrity (I): | NONE |
Availability (A): | NONE |