github.com/satori/go.uuid is reported by Snyk as High vulnerable

Question

github.com/satori/go.uuid is reported by Snyk as High vulnerable

skayle-denis opened this issue 5 years ago · 0 comments

 Insecure Randomness
Vulnerable module: github.com/satori/go.uuid
Introduced through: github.com/thundra-io/thundra-lambda-agent-go/thundra@2.2.3
Exploit maturity: No known exploit
Detailed paths
Introduced through: bitbucket.org/subtra@0.0.0 › github.com/thundra-io/thundra-lambda-agent-go/thundra@2.2.3 › github.com/thundra-io/thundra-lambda-agent-go/metric@2.2.3 › github.com/satori/go.uuid@1.2.0
Introduced through: bitbucket.org/subtra@0.0.0 › github.com/thundra-io/thundra-lambda-agent-go/thundra@2.2.3 › github.com/thundra-io/thundra-lambda-agent-go/agent@2.2.3 › github.com/thundra-io/thundra-lambda-agent-go/utils@2.2.3 › github.com/satori/go.uuid@1.2.0
Introduced through: bitbucket.org/subtra@0.0.0 › github.com/thundra-io/thundra-lambda-agent-go/thundra@2.2.3 › github.com/thundra-io/thundra-lambda-agent-go/trace@2.2.3 › github.com/thundra-io/thundra-lambda-agent-go/utils@2.2.3 › github.com/satori/go.uuid@1.2.0
…and 26 more

Overview
github.com/satori/go.uuid provides pure Go implementation of Universally Unique Identifier (UUID).

Affected versions of this package are vulnerable to Insecure Randomness producing predictable UUID identifiers due to the limited number of bytes read when using the g.rand.Read function.