cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
References
Configurations
Configuration 1 (hide)
|
History
19 Jan 2024, 19:03
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-11 03:15
Updated : 2024-02-05 00:22
NVD link : CVE-2024-22194
Mitre link : CVE-2024-22194
CVE.ORG link : CVE-2024-22194
JSON object : View
Products Affected
lfprojects
- case_python_utilities
- cdo_local_uuid_utility