cdo-local-uuid 容易将从开发人员当前工作目录派生的工件插入到演示代码中 (CVE-2024-22194)

admin

0
文章

0
评论

2024-01-13 15:10:37 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

cdo-local-uuid 容易将从开发人员当前工作目录派生的工件插入到演示代码中 (CVE-2024-22194)

CVE编号

CVE-2024-22194

利用情况

暂无

补丁情况

N/A

披露时间

2024-01-11

漏洞描述

cdo-local-uuid项目提供了一个特殊的UUID生成函数，可以在用户请求时使程序生成确定性的UUID。在版本0.4.0的cdo-local-uuid和未修复版本（匹配模式为0.x.0）0.5.0到0.15.0之间的case-utils中存在信息泄露漏洞。该漏洞源于Python函数cdo_local_uuid.local_uuid()及其原始实现case_utils.local_uuid()。

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882d...
https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f...
https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8...
https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4...
https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50...
https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ec...
https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888...
https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f4...
https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea...
https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0...
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7...
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4
https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advi...