[GH-ISSUE #189] Docker scout security check reports an issue with satori/go.uuid #124

New issue

Closed

opened 2026-03-15 12:44:53 +03:00 by kerem · 2 comments

kerem commented 2026-03-15 12:44:53 +03:00

Owner

Copy link

Originally created by @thomas-0816 on GitHub (Oct 15, 2023).
Original GitHub issue: https://github.com/axllent/mailpit/issues/189

Docker scout reports a security issue in satori/go.uuid@1.2.0.
Maybe this library could be replaced with an alternative? (see https://github.com/satori/go.uuid/issues/120)

To reproduce:

wget -qO- https://github.com/axllent/mailpit/releases/latest/download/mailpit-linux-amd64.tar.gz | tar xvz mailpit

docker scout cves fs://mailpit
    ✓ File system read
    ✓ Indexed 51 packages
    ✗ Detected 1 vulnerable package with 1 vulnerability

## Overview

                    │        Analyzed path         
────────────────────┼──────────────────────────────
  Target            │  fs://mailpit                
    vulnerabilities │    1C     0H     0M     0L   

## Packages and Vulnerabilities

   1C     0H     0M     0L  github.com/satori/go.uuid 1.2.0
pkg:golang/github.com/satori/go.uuid@1.2.0

    ✗ CRITICAL CVE-2021-3538
      https://scout.docker.com/v/CVE-2021-3538
      Affected range : <1.2.1-0.20181016170032-d91630c85102  
      Fixed version  : 1.2.1-0.20181016170032-d91630c85102   
    
1 vulnerability found in 1 package
  LOW       0  
  MEDIUM    0  
  HIGH      0  
  CRITICAL  1  

Thanks!

Originally created by @thomas-0816 on GitHub (Oct 15, 2023). Original GitHub issue: https://github.com/axllent/mailpit/issues/189 Docker scout reports a security issue in satori/go.uuid@1.2.0. Maybe this library could be replaced with an alternative? (see https://github.com/satori/go.uuid/issues/120) To reproduce: ``` wget -qO- https://github.com/axllent/mailpit/releases/latest/download/mailpit-linux-amd64.tar.gz | tar xvz mailpit docker scout cves fs://mailpit ✓ File system read ✓ Indexed 51 packages ✗ Detected 1 vulnerable package with 1 vulnerability ## Overview │ Analyzed path ────────────────────┼────────────────────────────── Target │ fs://mailpit vulnerabilities │ 1C 0H 0M 0L ## Packages and Vulnerabilities 1C 0H 0M 0L github.com/satori/go.uuid 1.2.0 pkg:golang/github.com/satori/go.uuid@1.2.0 ✗ CRITICAL CVE-2021-3538 https://scout.docker.com/v/CVE-2021-3538 Affected range : <1.2.1-0.20181016170032-d91630c85102 Fixed version : 1.2.1-0.20181016170032-d91630c85102 1 vulnerability found in 1 package LOW 0 MEDIUM 0 HIGH 0 CRITICAL 1 ``` Thanks!

kerem closed this issue 2026-03-15 12:44:58 +03:00

kerem commented 2026-03-15 12:45:05 +03:00

Author

Owner

Copy link

@axllent commented on GitHub (Oct 15, 2023):

Thanks for raising this issue. I'm surprised by this given that it was reported 2 years ago and still exists. I will look into a suitable replacement .

<!-- gh-comment-id:1763484072 --> @axllent commented on GitHub (Oct 15, 2023): Thanks for raising this issue. I'm surprised by this given that it was reported 2 years ago and still exists. I will look into a suitable replacement .

kerem commented 2026-03-15 12:45:10 +03:00

Author

Owner

Copy link

@axllent commented on GitHub (Oct 16, 2023):

This will be released in the next few hours 👍

<!-- gh-comment-id:1763713872 --> @axllent commented on GitHub (Oct 16, 2023): This will be released in the next few hours :+1:

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

develop

master

v1.29.7

v1.29.6

v1.29.5

v1.29.4

v1.29.3

v1.29.2

v1.29.1

v1.29.0

v1.28.4

v1.28.3

v1.28.2

v1.28.1

v1.28.0

v1.27.11

v1.27.10

v1.27.9

v1.27.8

v1.27.7

v1.27.6

v1.27.5

v1.27.4

v1.27.3

v1.27.2

v1.27.1

v1.27.0

v1.26.2

v1.26.1

v1.26.0

v1.25.1

v1.25.0

v1.24.2

v1.24.1

v1.24.0

v1.23.2

v1.23.1

v1.23.0

v1.22.3

v1.22.2

v1.22.1

v1.22.0

v1.21.8

v1.21.7

v1.21.6

v1.21.5

v1.21.4

v1.21.3

v1.21.2

v1.21.1

v1.21.0

v1.20.7

v1.20.6

v1.20.5

v1.20.4

v1.20.3

v1.20.2

v1.20.1

v1.20.0

v1.19.3

v1.19.2

v1.19.1

v1.19.0

v1.18.7

v1.18.6

v1.18.5

v1.18.4

v1.18.3

v1.18.2

v1.18.1

v1.18.0

v1.17.1

v1.17.0

v1.16.0

v1.15.1

v1.15.0

v1.14.4

v1.14.3

v1.14.2

v1.14.1

v1.14.0

v1.13.3

v1.13.2

v1.13.1

v1.13.0

v1.12.1

v1.12.0

v1.11.1

v1.11.0

v1.10.4

v1.10.3

v1.10.2

v1.10.1

v1.10.0

v1.9.10

v1.9.9

v1.9.8

v1.9.7

v1.9.6

v1.9.5

v1.9.4

v1.9.3

v1.9.2

v1.9.1

v1.9.0

v1.8.4

v1.8.3

v1.8.2

v1.8.1

v1.8.0

v1.7.1

v1.7.0

v1.6.22

v1.6.21

v1.6.20

v1.6.19

v1.6.18

v1.6.17

v1.6.16

v1.6.15

v1.6.14

v1.6.13

v1.6.12

v1.6.11

v1.6.10

v1.6.9

v1.6.8

v1.6.7

v1.6.6

v1.6.5

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.5

v1.5.4

v1.5.3

v1.5.2

v1.5.1

v1.5.0

v1.4.0

v1.3.11

v1.3.10

v1.3.9

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.9

v1.2.8

v1.2.7

v1.2.6

1.2.5

1.2.4

1.2.3

1.2.2

1.2.1

1.2.0

1.1.7

1.1.6

1.1.5

1.1.4

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta1

0.1.5

0.1.4

0.1.3

0.1.2

0.1.1

0.1.0

0.0.9

0.0.8

0.0.7

0.0.6

0.0.5

0.0.4

0.0.3

0.0.2

0.0.1-beta

Labels

Clear labels   

awaiting feedback

  

bug

  

docker

  

documentation

  

enhancement

  

github_actions

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

stale

  

wontfix

No labels

awaiting feedback

bug

docker

documentation

enhancement

github_actions

invalid

pull-request

question

stale

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/mailpit#124

No description provided.