CVE-2024-22194
LOWDescription
cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.
Is your site exposed to CVE-2024-22194?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | case_python_utilities |
| lfprojects | cdo_local_uuid_utility |
References
Advisories & Patches
Frequently Asked Questions
What is CVE-2024-22194? +
How severe is CVE-2024-22194? +
What products are affected by CVE-2024-22194? +
How do I check if I'm vulnerable to CVE-2024-22194? +
Related Vulnerabilities
A information disclosure when DEBUG loglevel is set in SUSE Rancher AI Agent 1.0 before 1.0.2 could leak API keys …
An information disclosure vulnerability in Ivanti ITSM on-prem and Neurons for ITSM versions 2023.4 and earlier allows an unauthenticated attacker …
Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.735 Application 20.0.1330 allows Debug Bundle Contains Sensitive Data V-2022-003.
The Contec Co.,Ltd. CONPROSYS HMI System (CHS) exposes a PHP phpinfo() debug page to unauthenticated users that may contain sensitive …
Insertion of Sensitive Information Into Debugging Code vulnerability in Klarna Klarna Order Management for WooCommerce klarna-order-management-for-woocommerce allows Retrieve Embedded Sensitive …
Insertion of Sensitive Information Into Debugging Code vulnerability in importify Importify (Dropshipping WooCommerce) importify allows Retrieve Embedded Sensitive Data.This issue …