Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Vulnerability Description
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
CVSS Information
N/A
Vulnerability Type
未加检查的返回值
Vulnerability Title
Fiber Utils 安全特征问题漏洞
Vulnerability Description
Fiber Utils是Fiber开源的一个通用函数库。 Fiber Utils 2.0.0-rc.3及之前版本存在安全特征问题漏洞,该漏洞源于随机数生成器失败时返回可预测UUID,可能导致安全操作被破坏。
CVSS Information
N/A
Vulnerability Type
N/A