PT-2020-7911 · Npm · Node-Uuid

Andrej Nemec · Published 2020-01-30 · Updated 2020-04-16 · CVE-2015-8851

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: node-uuid versions prior to 1.4.4
Description: node-uuid generates GUIDs from insufficiently random data, which could make it easier for attackers to have an unspecified impact via brute-force guessing. Affected versions consistently fall back to Math.random as the entropy source instead of the crypto module, so the resulting UUIDs are potentially guessable.
Recommendations: Update to version 1.4.4 or later. As a temporary workaround, avoid using node-uuid to generate sensitive identifiers until the update is applied. Restrict access to applications that use node-uuid to minimize the risk of exploitation.

Related Identifiers

CVE-2015-8851
GHSA-265Q-28RP-CHQ5

Affected Products

Node-Uuid