Vulnerability details: VCID-x7u9-n1hb-aaab
Vulnerability ID VCID-x7u9-n1hb-aaab
Aliases CVE-2021-4238
GHSA-3839-6r69-m497
Summary Randomly-generated alphanumeric strings contain significantly less entropy than expected. The RandomAlphaNumeric and CryptoRandomAlphaNumeric functions always return strings containing at least one digit from 0 to 9. This significantly reduces the amount of entropy in short strings generated by these functions.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 7.0 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4238.json
epss 0.00191 https://api.first.org/data/v1/epss?cve=CVE-2021-4238
epss 0.00209 https://api.first.org/data/v1/epss?cve=CVE-2021-4238
epss 0.00233 https://api.first.org/data/v1/epss?cve=CVE-2021-4238
epss 0.00262 https://api.first.org/data/v1/epss?cve=CVE-2021-4238
epss 0.00521 https://api.first.org/data/v1/epss?cve=CVE-2021-4238
cvssv3.1 9.1 https://github.com/Masterminds/goutils
generic_textual CRITICAL https://github.com/Masterminds/goutils
cvssv3.1 9.1 https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
generic_textual CRITICAL https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
ssvc Track https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
cvssv3 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4238
cvssv3.1 9.1 https://nvd.nist.gov/vuln/detail/CVE-2021-4238
cvssv3.1 9.1 https://pkg.go.dev/vuln/GO-2022-0411
generic_textual CRITICAL https://pkg.go.dev/vuln/GO-2022-0411
ssvc Track https://pkg.go.dev/vuln/GO-2022-0411
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4238.json
https://api.first.org/data/v1/epss?cve=CVE-2021-4238
https://github.com/Masterminds/goutils
https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
https://pkg.go.dev/vuln/GO-2022-0411
2156729 https://bugzilla.redhat.com/show_bug.cgi?id=2156729
cpe:2.3:a:goutils_project:goutils:*:*:*:*:*:go:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:goutils_project:goutils:*:*:*:*:*:go:*:*
CVE-2021-4238 https://nvd.nist.gov/vuln/detail/CVE-2021-4238
RHSA-2023:0449 https://access.redhat.com/errata/RHSA-2023:0449
RHSA-2023:0540 https://access.redhat.com/errata/RHSA-2023:0540
RHSA-2023:0542 https://access.redhat.com/errata/RHSA-2023:0542
RHSA-2023:0561 https://access.redhat.com/errata/RHSA-2023:0561
RHSA-2023:0565 https://access.redhat.com/errata/RHSA-2023:0565
RHSA-2023:0569 https://access.redhat.com/errata/RHSA-2023:0569
RHSA-2023:0574 https://access.redhat.com/errata/RHSA-2023:0574
RHSA-2023:0651 https://access.redhat.com/errata/RHSA-2023:0651
RHSA-2023:0728 https://access.redhat.com/errata/RHSA-2023:0728
RHSA-2023:0770 https://access.redhat.com/errata/RHSA-2023:0770
RHSA-2023:0774 https://access.redhat.com/errata/RHSA-2023:0774
RHSA-2023:0802 https://access.redhat.com/errata/RHSA-2023:0802
RHSA-2023:0803 https://access.redhat.com/errata/RHSA-2023:0803
RHSA-2023:0804 https://access.redhat.com/errata/RHSA-2023:0804
RHSA-2023:0899 https://access.redhat.com/errata/RHSA-2023:0899
RHSA-2023:1154 https://access.redhat.com/errata/RHSA-2023:1154
RHSA-2023:1159 https://access.redhat.com/errata/RHSA-2023:1159
RHSA-2023:1170 https://access.redhat.com/errata/RHSA-2023:1170
RHSA-2023:1270 https://access.redhat.com/errata/RHSA-2023:1270
RHSA-2023:1297 https://access.redhat.com/errata/RHSA-2023:1297
RHSA-2023:1326 https://access.redhat.com/errata/RHSA-2023:1326
RHSA-2023:1393 https://access.redhat.com/errata/RHSA-2023:1393
RHSA-2023:3742 https://access.redhat.com/errata/RHSA-2023:3742
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-4238.json
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/Masterminds/goutils
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:17:07Z/ Found at https://github.com/Masterminds/goutils/commit/869801f20f9f1e7ecdbdb6422049d8241270d5e1
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-4238
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H Found at https://pkg.go.dev/vuln/GO-2022-0411
Vector: SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-04-11T16:17:07Z/ Found at https://pkg.go.dev/vuln/GO-2022-0411
Exploit Prediction Scoring System (EPSS)
Percentile 0.57227
EPSS Score 0.00191
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.