Unknown · Case-Utils · CVE-2024-22194
**Name of the Vulnerable Software and Affected Versions**
cdo-local-uuid version 0.4.0
case-utils versions 0.5.0 through 0.14.0
**Description**
An information leakage vulnerability is present in the affected software. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`. This function generates UUIDv5s using a deterministic pseudorandom number stream. Under certain conditions, a user's present working directory, as an absolute path, was incorporated into seed data for the `local_uuid()` deterministic pseudorandom number stream, violating an expectation made in the documented purpose of the `local_uuid()` function and leaking information about a calling user's environment.
**Recommendations**
For cdo-local-uuid version 0.4.0, upgrade to version 0.5.0 or later.
For case-utils versions 0.5.0 through 0.14.0, upgrade to version 0.15.0 or later.
As a temporary workaround, consider moving the script calling `cdo_local_uuid.local_uuid()` out of the "Top" source directory to address the issue.
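To find environments that still need the upgrade, the following added example (not part of the advisory or of either project) checks the packages installed in the current Python environment against the affected ranges listed above. The helper names and the simplified version parsing are assumptions of this example; pre-release and post-release suffixes are ignored, so `0.5.0rc1` is conservatively reported as affected.

```python
from importlib import metadata
import re

# Affected ranges copied from the advisory (inclusive lower and upper bounds).
AFFECTED = {
    "cdo-local-uuid": ((0, 4, 0), (0, 4, 0)),
    "case-utils": ((0, 5, 0), (0, 14, 0)),
}
# First fixed release per package, from the Recommendations section.
FIXED = {"cdo-local-uuid": "0.5.0", "case-utils": "0.15.0"}


def normalize(name):
    """PEP 503 normalization so case_utils and Case-Utils match case-utils."""
    return re.sub(r"[-_.]+", "-", name).lower()


def release_tuple(version):
    """Leading numeric release segment as a 3-tuple: '0.14.0.post1' -> (0, 14, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple((parts + [0, 0, 0])[:3])


def is_affected(name, version):
    """True when (name, version) falls inside a range listed in the advisory."""
    bounds = AFFECTED.get(normalize(name))
    return bounds is not None and bounds[0] <= release_tuple(version) <= bounds[1]


def audit_environment():
    """Return [(package, installed_version, fixed_version)] for affected installs."""
    findings = []
    for pkg in AFFECTED:
        try:
            installed = metadata.version(pkg)
        except metadata.PackageNotFoundError:
            continue  # package not installed in this environment
        if is_affected(pkg, installed):
            findings.append((pkg, installed, FIXED[pkg]))
    return findings


if __name__ == "__main__":
    for pkg, installed, fixed in audit_environment():
        print(f"{pkg} {installed} is affected by CVE-2024-22194; upgrade to >= {fixed}")
```

Run it with the interpreter of each virtual environment or container image you want to audit, since it only inspects the environment it executes in.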