VYPR
Low severityNVD Advisory· Published Jan 11, 2024· Updated Jun 3, 2025

cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

CVE-2024-22194

Description

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions (matching the pattern 0.x.0) at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function, cdo_local_uuid.local_uuid(), and its original implementation case_utils.local_uuid().

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cdo-local-uuidPyPI
>= 0.4.0, < 0.5.00.5.0
case-utilsPyPI
>= 0.5.0, < 0.5.10.5.1
case-utilsPyPI
>= 0.6.0, < 0.6.10.6.1
case-utilsPyPI
>= 0.7.0, < 0.7.10.7.1
case-utilsPyPI
>= 0.8.0, < 0.8.10.8.1
case-utilsPyPI
>= 0.9.0, < 0.9.10.9.1
case-utilsPyPI
>= 0.10.0, < 0.10.10.10.1
case-utilsPyPI
>= 0.11.0, < 0.11.10.11.1
case-utilsPyPI
>= 0.12.0, < 0.12.10.12.1
case-utilsPyPI
>= 0.13.0, < 0.13.10.13.1
case-utilsPyPI
>= 0.14.0, < 0.14.10.14.1

Affected products

3

Patches

Vulnerability mechanics

References

18

News mentions

0

No linked articles in our index yet.