{"id":"GO-2022-0411","summary":"Insufficient randomness in github.com/Masterminds/goutils","details":"Randomly-generated alphanumeric strings contain significantly less entropy than expected.\n\nThe RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.","aliases":["CVE-2021-4238","GHSA-3839-6r69-m497","GHSA-xg2h-wx96-xgxr"],"modified":"2026-03-17T04:17:54.135525Z","published":"2022-07-01T20:08:24Z","related":["CGA-cx55-8x76-2v73","RHSA-2023:0540"],"database_specific":{"url":"https://pkg.go.dev/vuln/GO-2022-0411","review_status":"REVIEWED"},"references":[{"type":"FIX","url":"https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1"}],"affected":[{"package":{"name":"github.com/Masterminds/goutils","ecosystem":"Go","purl":"pkg:golang/github.com/Masterminds/goutils"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.1.1"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/Masterminds/goutils","symbols":["CryptoRandomAlphaNumeric","RandomAlphaNumeric"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2022-0411.json"}}],"schema_version":"1.7.5"}