Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-DOTNET-NODEUUID-60198
- published 28 Mar 2016
- disclosed 28 Mar 2016
- credit Fedot Praslov
Introduced: 28 Mar 2016CVE NOT AVAILABLE CWE-330 Open this link in a new tab
How to fix?
Upgrade to version 1.4.4 or greater.
A bug in
node-uuid prior to 1.4.4 caused it to use the cryptographically insecure
Math.random which can produce predictable values and should not be used in security-sensitive context.