CVE-2015-8851

High

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified…

redhat·CWE-331·Published 2020-01-30

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

166 chars

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

NVDen

166 chars

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

Affected versions of `node-uuid` consistently fall back to using `Math.random` as an entropy source instead of `crypto`, which may result in guessable UUID's. ## Recommendation Update to version 1.4.4 or later.

GHSAen

214 chars

NVDes

217 chars

node-uuid versiones anteriores a 1.4.4, utiliza datos insuficientemente aleatorios para crear un GUID, lo que podría facilitar a atacantes tener un impacto no especificado por medio de la adivinación por fuerza bruta.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
3.1	Secondary	GHSA	7.5	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N