Back to bug 1327056
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Andrej Nemec | 2016-04-14 07:53:15 UTC | Blocks | 1322326 | |
| Andrej Nemec | 2016-04-14 07:53:30 UTC | Depends On | 1327057 | |
| Andrej Nemec | 2016-04-14 07:53:37 UTC | Depends On | 1327058 | |
| Andrej Nemec | 2016-04-14 07:53:45 UTC | Depends On | 1327059 | |
| Kurt Seifried | 2016-05-04 23:44:45 UTC | Depends On | 1333209 | |
| Kurt Seifried | 2016-09-20 19:54:30 UTC | Doc Text | It was found that NodeJS node-uuid used Math.random() to create a GUID (Globally Unique Identifier) which does not provide enough entropy (on some platforms it only provides 32 bits) which can result in collisions of GUIDs. An attacker could use this to guess GUID values and leverage further attacks against a system using node-uuid. | |
| Kurt Seifried | 2016-09-20 19:57:43 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-09-20 15:57:43 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:47:33 UTC | Whiteboard | impact=moderate,public=20160330,reported=20160330,source=internet,cvss2=4.3/AV:A/AC:M/Au:N/C:P/I:P/A:N,cwe=CWE-331,fedora-all/nodejs-node-uuid=affected,epel-6/nodejs-node-uuid=affected,epel-7/nodejs-node-uuid=affected,rhscl-2/nodejs010-nodejs-node-uuid=affected,openshift-enterprise-3/nodejs-node-uuid=affected | |
| Jamie Nguyen | 2020-11-05 10:32:58 UTC | CC | jamielinux |
Back to bug 1327056