Low severityNVD Advisory· Published Dec 27, 2022· Updated Apr 11, 2025
Insufficient randomness in github.com/Masterminds/goutils
CVE-2021-4238
Description
Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/Masterminds/goutilsGo | < 1.1.1 | 1.1.1 |
Affected products
5- osv-coords4 versionspkg:apk/chainguard/dynamic-localpv-provisionerpkg:apk/chainguard/dynamic-localpv-provisioner-fipspkg:apk/wolfi/dynamic-localpv-provisionerpkg:golang/github.com/masterminds/goutils
< 3.4.1-r3+ 3 more
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 1.1.1
- github.com/Masterminds/goutils/github.com/Masterminds/goutilsv5Range: 0
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-xg2h-wx96-xgxrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-4238ghsaADVISORY
- github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1ghsaWEB
- github.com/Masterminds/goutils/commit/f1923532a168b8203bfe956d8cd3b17ebece5982ghsaWEB
- github.com/Masterminds/goutils/releases/tag/v1.1.1ghsaWEB
- github.com/Masterminds/goutils/security/advisories/GHSA-xg2h-wx96-xgxrghsaWEB
- pkg.go.dev/vuln/GO-2022-0411ghsaWEB
News mentions
0No linked articles in our index yet.