uuid is RFC4122 (v1 and v4) generator.
Affected versions of the package use the
Math.random() function which may generate already-used numbers after 24,000 cycles, making the values predictable for objects requiring unpredictability. It is possible for an attacker to guess the next value to be generated and may use this to access sensitive information.
uuid to version 1.3.1 or higher.
- Robert Kieffer
- Snyk ID
- 29 Dec, 2011
- 13 Feb, 2017