CVE-2024-22194 – cdo-local-uuid vulnerable to insertion of artifact derived from developer's Present Working Directory into demonstration code

https://notcve.org/view.php?id=CVE-2024-22194

11 Jan 2024 — cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. El proyecto cdo-local-uuid ... • https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235 • CWE-215: Insertion of Sensitive Information Into Debugging Code CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG) •