Insecure Randomness Affecting node-uuid package, versions <1.4.4

  • snyk-id


  • published

    28 Mar 2016

  • disclosed

    28 Mar 2016

  • credit

    Fedot Praslov

How to fix?

Upgrade node-uuid to version 1.4.4 or greater.


node-uuid is a package for simple, fast generation of RFC4122 UUIDs.

Affected versions of this package are vulnerable to Insecure Randomness. The package uses the cryptographically insecure Math.random, which can produce predictable values and should not be used in security-sensitive contexts.
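The difference between the two randomness sources, as an added example (not node-uuid's own code): a version 4 UUID built from a Math.random-style function beside one built from Node's crypto.randomBytes. The function names are hypothetical, and seededRand is a constructed stand-in for a non-cryptographic generator, used only to show that identical generator state yields identical UUIDs.

```javascript
const crypto = require('crypto');

// Stamp the RFC 4122 version/variant bits on 16 bytes and format as a UUID string.
function formatV4(bytes) {
  const b = Buffer.from(bytes);
  b[6] = (b[6] & 0x0f) | 0x40; // version 4
  b[8] = (b[8] & 0x3f) | 0x80; // RFC 4122 variant
  const h = b.toString('hex');
  return [h.slice(0, 8), h.slice(8, 12), h.slice(12, 16),
          h.slice(16, 20), h.slice(20)].join('-');
}

// Weak pattern the advisory describes: every byte comes from Math.random.
// `rand` is injectable (an assumption of this example) so the demo can control it.
function weakUuidV4(rand = Math.random) {
  const bytes = new Uint8Array(16);
  for (let i = 0; i < 16; i++) bytes[i] = Math.floor(rand() * 256);
  return formatV4(bytes);
}

// Hardened form: all 16 bytes come from the operating system CSPRNG.
function strongUuidV4() {
  return formatV4(crypto.randomBytes(16));
}

// Constructed stand-in for a non-cryptographic PRNG (a small LCG).
// Its whole future output is determined by its internal state.
function seededRand(seed) {
  let s = seed >>> 0;
  return () => {
    s = (Math.imul(s, 1664525) + 1013904223) >>> 0;
    return s / 0x100000000;
  };
}

// Two generators in the same state emit the same "random" UUID.
function demo() {
  const a = weakUuidV4(seededRand(42));
  const b = weakUuidV4(seededRand(42));
  return { a, b, reproducible: a === b, strong: strongUuidV4() };
}

console.log(demo());
```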