CVE-2024-22194 – cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

https://notcve.org/view.php?id=CVE-2024-22194

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. El proyecto cdo-local-uuid proporciona una función especializada de generación de UUID que puede, a petición del usuario, hacer que un programa genere UUID deterministas. Una vulnerabilidad de fuga de información está presente en `cdo-local-uuid` en la versión `0.4.0`, y en `case-utils` en versiones sin parches (que coinciden con el patrón `0.x.0`) en y desde `0.5. 0`, antes de `0.15.0`. • https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4 https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882 https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9 https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490ef • CWE-215: Insertion of Sensitive Information Into Debugging Code CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •