Advisories for Pypi/Cdo-Local-Uuid package

2024

cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

What kind of vulnerability is it? Who is impacted?

An information leakage vulnerability is present in cdo-local-uuid at version 0.4.0, and in case-utils in unpatched versions (matching the pattern 0.x.0) at and since 0.5.0, before 0.15.0. The vulnerability stems from a Python function, cdo_local_uuid.local_uuid(), and its original implementation case_utils.local_uuid(). Henceforth, both will be called local_uuid(). local_uuid() generates UUIDv5s using a deterministic pseudorandom number stream. This was written to make graph …