CVE-2015-8851

Published: 30 January 2020

node-uuid before 1.4.4 uses insufficiently random data to create a GUID, which could make it easier for attackers to have unspecified impact via brute force guessing.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
node-uuid
Launchpad, Ubuntu, Debian
Upstream
Released (1.4.4)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(1.4.7-5)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not present)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d