
java.util.UUID.randomUUID() uses an insecure PRNG

High
sjrd published GHSA-j2f9-w8wh-9ww4 Apr 4, 2022

Package                                     Affected versions   Patched versions
org.scala-js:scalajs-library_2.11 (Maven)   < 1.10.0            1.10.0
org.scala-js:scalajs-library_2.12 (Maven)   < 1.10.0            1.10.0
org.scala-js:scalajs-library_2.13 (Maven)   < 1.10.0            1.10.0

Description

Impact

Generation of insufficiently random numbers in java.util.UUID.randomUUID() allows attackers to predict future generated UUIDs via observation of previously generated UUIDs (observing a single generated UUID may be sufficient). Depending on whether and how particular applications expose and use the generated UUIDs, the actual vector and impact vary.

If you use java.util.UUID.randomUUID() to generate user-visible UUIDs, and predicting subsequent UUIDs poses a security risk to your application, you are affected.

In addition, the underlying PRNG has only 48 bits of state, so randomUUID() can produce at most 2^48 distinct UUIDs, far fewer than the 2^122 values a version-4 UUID is supposed to be drawn from. Collisions are therefore far likelier than consumers of UUIDs expect: by the birthday bound, a collision among independently seeded generators becomes likely after on the order of 2^24 UUIDs rather than the roughly 2^61 expected of a full 122-bit random UUID.
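The following JavaScript is an added illustration, not code from Scala.js or from the advisory, of why a 48-bit PRNG state is recoverable from its output. It models the java.util.Random linear congruential generator (multiplier 0x5DEECE66D, increment 0xB, modulus 2^48); that this is the exact generator behind the old Scala.js randomUUID(), and how its outputs were packed into UUID bits, are assumptions here and are not reproduced. The point shown is the weakness itself: two consecutive 32-bit outputs determine the full state, and every later output is then predictable.

```javascript
// Added example: state recovery for a 48-bit LCG with java.util.Random's constants.
// Assumption: the advisory's "48 bits of state" refers to this generator; the
// mapping from generator output to UUID bits in old Scala.js is not modelled.
const MULT = 0x5DEECE66Dn;
const ADD = 0xBn;
const MASK48 = (1n << 48n) - 1n;

class Lcg48 {
  constructor(seed) {
    // java.util.Random scrambles the seed with the multiplier the same way
    this.state = (BigInt(seed) ^ MULT) & MASK48;
  }
  // One step of the LCG; the output is the top 32 bits of the new state
  // (returned unsigned here, whereas Java's next(32) returns a signed int).
  next32() {
    this.state = (this.state * MULT + ADD) & MASK48;
    return Number(this.state >> 16n);
  }
}

// Given two consecutive outputs, recover the generator state after the second.
// The first output fixes the high 32 bits of the state; only the low 16 bits
// are unknown, so 65536 candidates are enough to find the one that yields out2.
function recoverState(out1, out2) {
  const hi = BigInt(out1) << 16n;
  for (let lo = 0n; lo < (1n << 16n); lo++) {
    const candidate = hi | lo;
    const next = (candidate * MULT + ADD) & MASK48;
    if (Number(next >> 16n) === out2) return next;
  }
  return null; // cannot happen for genuine outputs of this generator
}

// Run a cloned generator forward from a recovered state.
function predictNext(state, count) {
  const clone = new Lcg48(0);
  clone.state = state;
  return Array.from({ length: count }, () => clone.next32());
}

// Attacker's view: observe two outputs, predict the next four, compare with
// what the victim generator actually produces.
function demo(seed = 0x1234567n) {
  const victim = new Lcg48(seed);
  const observed = [victim.next32(), victim.next32()];
  const state = recoverState(observed[0], observed[1]);
  const predicted = predictNext(state, 4);
  const actual = Array.from({ length: 4 }, () => victim.next32());
  const match = predicted.every((v, i) => v === actual[i]);
  return { observed, predicted, actual, match };
}
```

The brute force over 2^16 low bits runs in milliseconds; a generator whose state fits in 48 bits simply cannot keep its future secret from anyone who sees a little of its past, which is why the fix moves to java.security.SecureRandom rather than to a larger seed.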

Patches

Scala.js v1.10.0 fixes the issue. It uses java.security.SecureRandom to implement randomUUID().

java.security.SecureRandom is not provided by Scala.js core. Therefore, after upgrading, you will need to add a dependency on scalajs-java-securerandom to keep using randomUUID(). Failing to do so will result in a linking error (i.e., fastLinkJS/fullLinkJS will fail) because the class cannot be resolved.

Workarounds

If you cannot upgrade, do not call randomUUID(); build UUIDs from a cryptographically secure source instead, for example crypto.getRandomValues() in browsers or require("crypto").randomFillSync() in Node.js, and set the RFC 4122 version and variant bits yourself.

References

  • #4657 Scala.js should not provide a cryptographically insecure UUID.randomUUID() implementation

Severity

High

CVE ID

CVE-2022-28355

Weaknesses

CWE-334: Small Space of Random Values

The number of possible random values is smaller than needed by the product, making it more susceptible to brute force attacks.

CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

CWE-342: Predictable Exact Value from Previous Values

An exact value or random number can be precisely predicted by observing previous values.
