cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| cdo-local-uuid(PyPI) | 0.4.0 | 0.5.0 | N/A |
| case-utils(PyPI) | 0.5.0 | 0.5.1 | N/A |
| case-utils(PyPI) | 0.6.0 | 0.6.1 | N/A |
| case-utils(PyPI) | 0.7.0 | 0.7.1 | N/A |
| case-utils(PyPI) | 0.8.0 | 0.8.1 | N/A |
| case-utils(PyPI) | 0.9.0 | 0.9.1 | N/A |
| case-utils(PyPI) | 0.10.0 | 0.10.1 | N/A |
| case-utils(PyPI) | 0.11.0 | 0.11.1 | N/A |
| case-utils(PyPI) | 0.12.0 | 0.12.1 | N/A |
| case-utils(PyPI) | 0.13.0 | 0.13.1 | N/A |
| case-utils(PyPI) | 0.14.0 | 0.14.1 | N/A |
CVSS Metrics
