Severity
8.1
High severity
Details
- CVSS score: 8.1
- CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Overview
About vulnerability
uuid is for the creation of RFC9562 (formerly RFC4122) UUIDs. Prior to 14.0.0, v3, v5, and v6 accept external output buffers but do not reject out-of-range writes (small buf or large offset). This allows silent partial writes into caller-provided buffers. This vulnerability is fixed in 14.0.0.
Details
- Affected product: AlmaLinux 9.2 ESU, Next.js, Node.js, React, TuxCare 9.6 ESU, astro, aws-sdk, browser-env, canvg, config-plugins, configstore, cordova-node-xcode, db0, devtools, drizzle-orm, ember-cli, expo, expo-router, expo-sqlite, jQuery, javascript-test-reporter, jayson, jest, jsdom, jspdf, last-release-npm, leek, libcipm, libnpm, loopback, loopback-connector, loopback-connector-remote, loopback-datasource-juggler, ng-packagr, nitro, npm, npm-lifecycle, npm-registry-client, nuxt, prebuild-config, protractor, request, requestretry, sass-loader, semantic-release, sockjs, strong-remoting, styled-jsx, unstorage, uuid, vite, vite-dev-rpc, vite-hot-client, vite-plugin-checker, vite-plugin-inspect, vite-plugin-vue, vite-plugin-vue-inspector, vite-plugin-vue-tracer, vitefu, webdriver-manager, webpack-dev-middleware, webpack-dev-server, webpack-log, window
- Affected packages: uuid @ 11.0.5 (+320 more)
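Added example, not code from the uuid project or from this advisory: a constructed stand-in for a 16-byte writer shows why a small buf or large offset gives a silent partial write in JavaScript, beside a bounds check a caller can apply to its own buffers. The function names and sample bytes are assumptions made for illustration.

```javascript
// Constructed stand-in for a 16-byte UUID writer; NOT the uuid package's code.
const UUID_LEN = 16;

// Constructed sample bytes (all non-zero so written bytes are distinguishable).
const SAMPLE = Uint8Array.from({ length: UUID_LEN }, (_, i) => 0xa0 + i);

// Unchecked pattern: indexed stores past the end of a typed array are silently
// dropped, so an undersized buffer receives a truncated UUID and no error.
function writeUnchecked(bytes, buf, offset = 0) {
  for (let i = 0; i < UUID_LEN; i++) {
    buf[offset + i] = bytes[i];
  }
  return buf;
}

// Checked pattern: refuse any (buf, offset) pair that cannot hold all 16 bytes.
function writeChecked(bytes, buf, offset = 0) {
  if (!Number.isInteger(offset) || offset < 0 || offset + UUID_LEN > buf.length) {
    throw new RangeError(
      `UUID byte range ${offset}:${offset + UUID_LEN - 1} is out of buffer bounds`
    );
  }
  return writeUnchecked(bytes, buf, offset);
}

// Count how many of the 16 bytes actually landed in buf at offset.
function bytesWritten(bytes, buf, offset = 0) {
  let n = 0;
  for (let i = 0; i < UUID_LEN; i++) {
    if (buf[offset + i] === bytes[i]) n++;
  }
  return n;
}

// Run both patterns against the two cases the advisory names.
function demo() {
  const small = writeUnchecked(SAMPLE, new Uint8Array(8), 0);      // small buf
  const shifted = writeUnchecked(SAMPLE, new Uint8Array(32), 24);  // large offset
  let rejected = false;
  try {
    writeChecked(SAMPLE, new Uint8Array(8), 0);
  } catch (err) {
    rejected = err instanceof RangeError;
  }
  return {
    smallBuf: bytesWritten(SAMPLE, small, 0),
    largeOffset: bytesWritten(SAMPLE, shifted, 24),
    rejected,
  };
}
```

Callers that cannot upgrade immediately can apply the same length check to their own buffer and offset before handing them to v3, v5, or v6.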