Description
The v3(), v5(), and v6() API methods (not uuid release versions) accept external output buffers but do not reject out-of-range writes (small buf or large offset).
By contrast, v4(), v1(), and v7() API methods explicitly throw RangeError on invalid bounds.
Recommendation
Update the uuid package to the latest compatible version. Version details:
- Affected version(s): **< 11.1.1**; **>= 13.0.0, < 13.0.1**; **>= 12.0.0, < 12.0.1**
- Patched version(s): **11.1.1**, **13.0.1**, **12.0.1**
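The bounds check that the affected methods omit, written as a caller-side guard. This is an added example, not code from the uuid project: `unsafeWrite` is a constructed stand-in for an unchecked 16-byte buffer write, and `assertUuidRange`, `guarded` and `bytesStored` are hypothetical helper names.

```javascript
// Added example. `unsafeWrite` is a constructed stand-in, NOT uuid's source: it
// copies 16 bytes to buf[offset..] with no range check, the behaviour the
// advisory describes for the v3(), v5() and v6() buffer paths.
const UUID_LEN = 16;
const SAMPLE = Uint8Array.from({ length: UUID_LEN }, (_, i) => 0xa0 + i); // constructed bytes

function unsafeWrite(bytes, buf, offset = 0) {
  for (let i = 0; i < UUID_LEN; ++i) buf[offset + i] = bytes[i];
  return buf;
}

// Hypothetical guard: validate the destination before any writer touches it.
function assertUuidRange(buf, offset = 0) {
  if (!(buf instanceof Uint8Array)) {
    throw new TypeError('buf must be a Uint8Array (or Buffer)');
  }
  if (!Number.isInteger(offset) || offset < 0 || offset + UUID_LEN > buf.length) {
    throw new RangeError(
      `UUID byte range ${offset}:${offset + UUID_LEN - 1} is out of buffer bounds (length ${buf.length})`
    );
  }
}

// Wrap a (bytes, buf, offset) style writer so invalid bounds fail loudly.
function guarded(writer) {
  return (bytes, buf, offset = 0) => {
    assertUuidRange(buf, offset);
    return writer(bytes, buf, offset);
  };
}

// Count how many of the 16 sample bytes actually landed in the buffer.
function bytesStored(buf, offset = 0) {
  let n = 0;
  for (let i = 0; i < UUID_LEN; ++i) if (buf[offset + i] === SAMPLE[i]) n++;
  return n;
}

const small = new Uint8Array(8);
unsafeWrite(SAMPLE, small);           // no exception: typed arrays drop out-of-range index writes
const truncated = bytesStored(small); // only 8 of the 16 bytes were kept

const safeWrite = guarded(unsafeWrite); // same writer, but rejects bad bounds up front
```

With the real package, calling `assertUuidRange(buf, offset)` before passing `buf` to `v3()`, `v5()` or `v6()` gives the same fail-closed behaviour on unpatched versions.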
Related Issues
- Forge has signature forgery in Ed25519 due to missing S > L check - CVE-2026-33895
- StudioCMS S3 Storage Manager Authorization Bypass via Missing `await` on Async Auth Check - CVE-2026-32101
- StudioCMS: REST API Missing Rank Check Allows Admin to Create Peer Admin Accounts - CVE-2026-32106
- Elliptic's ECDSA missing check for whether leading bit of r and s is zero - CVE-2024-42460
Tags: npm, uuid
Last updated on May 21, 2026


