mend-bolt-for-github[bot]
commented
1 year ago :heavy_check_mark: This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
CVE-2021-4238 - Critical Severity Vulnerability
GoUtils is a Go implementation of some string manipulation libraries of Apache Commons. This is an open source project aimed at providing Go users with utility functions to manipulate strings in various ways.
Library home page: https://proxy.golang.org/github.com/masterminds/goutils/@v/v1.1.0.zip
Dependency Hierarchy: - github.com/Masterminds/sprig-v2.22.0+incompatible (Root Library) - :x: **github.com/Masterminds/goutils-v1.1.0** (Vulnerable Library)
Found in HEAD commit: 2aada85674c55286335b211e44ebd8a6e4c394bb
Found in base branch: master
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
Publish Date: 2022-12-27
URL: CVE-2021-4238
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: None - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2022-12-27
Fix Resolution: v1.1.1
Step up your Open Source Security Game with Mend here