## Summary

Critical security vulnerabilities exist in both the `UUIDv4()` and `UUID()` functions of the `github.com/gofiber/utils` package. When the system's cryptographic random number generator (`crypto/rand`) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID `"00000000-0000-0000-0000-000000000000"`. This compromises the security of all Fiber applications using these functions for security-critical operations.

**Both functions are vulnerable to the same root cause (`crypto/rand` failure):**

- `UUIDv4()`: Indirect vulnerability through `uu…
GHSA-m98w-cqp3-qcqr: Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Critical vulnerabilities in Fiber Utils UUIDv4 and UUID functions silently fall back to predictable values when crypto/rand fails, compromising Fiber applications' security.
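
The failure mode described above, as an added example that is not code from the `github.com/gofiber/utils` package: a Go UUIDv4 generator that returns the read error instead of falling back, plus a caller-side guard against the zero UUID. `NewUUIDv4`, `CheckIssued`, `failingReader` and `errEntropy` are hypothetical names, and the failing reader is a constructed stand-in for a `crypto/rand` failure.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// zeroUUID is the predictable value named in the advisory.
const zeroUUID = "00000000-0000-0000-0000-000000000000"

// errEntropy and failingReader are constructed stand-ins for a crypto/rand failure.
var errEntropy = errors.New("entropy source unavailable")

type failingReader struct{}

func (failingReader) Read([]byte) (int, error) { return 0, errEntropy }

// NewUUIDv4 (hypothetical name) builds an RFC 4122 version 4 UUID from r.
// A failed or short read is returned as an error; there is no fallback value.
func NewUUIDv4(r io.Reader) (string, error) {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		return "", fmt.Errorf("uuid: random source failed: %w", err)
	}
	b[6] = b[6]&0x0f | 0x40 // version 4
	b[8] = b[8]&0x3f | 0x80 // RFC 4122 variant
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[:4], b[4:6], b[6:8], b[8:10], b[10:]), nil
}

// CheckIssued (hypothetical name) is a guard for identifiers obtained from a
// generator that cannot report errors: it rejects the zero UUID outright.
func CheckIssued(id string) error {
	if len(id) != 36 || id == zeroUUID {
		return fmt.Errorf("uuid: refusing predictable or malformed id %q", id)
	}
	return nil
}

func main() {
	id, err := NewUUIDv4(rand.Reader)
	fmt.Println(id, err)
	_, err = NewUUIDv4(failingReader{})
	fmt.Println("failure surfaced:", err)
	fmt.Println("zero UUID rejected:", CheckIssued(zeroUUID))
}
```
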