CVE-2023-30797: Lemur subject to insecure random generation
(updated )
The potentially affected generated items include:
References
- github.com/Netflix/lemur
- github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238
- github.com/Netflix/lemur/issues/3888
- github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm
- github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md
- github.com/advisories/GHSA-5fqv-mpj8-h7gm
- github.com/pypa/advisory-database/tree/main/vulns/lemur/PYSEC-2023-20.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-30797
- vulncheck.com/advisories/netflix-lemur-weak-rng
Code Behaviors & Features
Detect and mitigate CVE-2023-30797 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →