Cross references:
- CVE-2020-28924 appears in issue #878 NOT_IMPORTABLE
- GHSA-rmw5-xpg9-jr29 appears in issue #878 NOT_IMPORTABLE
See doc/triage.md for instructions on how to triage this report.
modules:
  - module: TODO
    versions:
      - fixed: 1.53.3
    packages:
      - package: github.com/rclone/rclone
description: 'An issue was discovered in Rclone before 1.53.3. Due to the use of a
    weak random number generator, the password generator has been producing weak passwords
    with much less entropy than advertised. The suggested passwords depend deterministically
    on the time the second rclone was started. This limits the entropy of the passwords
    enormously. These passwords are often used in the crypt backend for encryption
    of data. It would be possible to make a dictionary of all possible passwords with
    about 38 million entries per password length. This would make decryption of secret
    material possible with a plausible amount of effort. NOTE: all passwords generated
    by affected versions should be changed.'
cves:
  - CVE-2020-28924
ghsas:
  - GHSA-rmw5-xpg9-jr29
In GitHub Security Advisory GHSA-rmw5-xpg9-jr29, there is a vulnerability in the following Go packages or modules: