CVE-2021-3538: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
(updated )
Due to insecure randomness in the g.rand.Read function the generated UUIDs are predictable for an attacker.
References
Detect and mitigate CVE-2021-3538 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →