Playground link - N/A
The package github.com/satori/go.uuid@v1.2.0 introduces a vulnerabiltiy to the postgres driver for gorm, meaning we cannot use the default postgres driver and would need to write our own driver to get past this. Wondering if it would be possible to have the dependency github.com/satori/go.uuid@v1.2.0 updated or removed.
Details of vulnerability:
Affected versions of this package are vulnerable to Insecure Randomness producing predictable UUID identifiers due to the limited number of bytes read when using the g.rand.Read function.
Playground link - N/A
The package github.com/satori/go.uuid@v1.2.0 introduces a vulnerabiltiy to the postgres driver for gorm, meaning we cannot use the default postgres driver and would need to write our own driver to get past this. Wondering if it would be possible to have the dependency
github.com/satori/go.uuid@v1.2.0updated or removed.Details of vulnerability:
Affected versions of this package are vulnerable to Insecure Randomness producing predictable UUID identifiers due to the limited number of bytes read when using the g.rand.Read function.