Description
Symfony version(s) affected: 5.x
According to RFC 4122, "A Universally Unique IDentifier (UUID) URN Namespace", the field `time_hi_and_version` is randomly generated plus the UUID version (the 4 most significant bits contain the version number).
`Symfony\Component\Uid\UuidV4` at line 27 uses binary operators to set the 4 most significant bits of byte 7 to `\x40`, but it sets the 4 least significant bits to `\x0F` at the same time: `"\x00"` should produce `"\x40"` but it produces `"\x4F"`.
Thus, the time_hi that should normally be a value between x000 and xFFF is, in fact, a value between xF00 and xFFF (reduction of the entropy from 4096 to 256). I'm not a security expert, and I don't know if it's a security issue.
How to reproduce
UUID v4 is randomly generated, so the output cannot be reproduced deterministically, but the code analysis is clear:
If `$uuid[6]` contains `"\x00"`, this code `$uuid[6] = $uuid[6] & "\x0F" | "\x4F";` will produce `"\x4F"`: `& "\x0F"` is used to reset the 4 most significant bits to 0, and `| "\x4F"` then forces the byte to `4F`.
Possible Solution
It's not `"\x4F"` but simply `"\x40"`.
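The following is an added example, not Symfony's code, that puts the buggy mask beside the corrected one and enumerates every possible input byte to show the entropy loss described above (function names are mine):

```php
<?php
// Added example (not Symfony's code): compare the buggy and corrected
// version-nibble masking applied to byte 7 ($uuid[6]) of a UUID v4.

function setVersionBuggy(string $byte): string
{
    // PHP precedence: `&` binds tighter than `|`, so this is
    // ($byte & "\x0F") | "\x4F". The low nibble is kept by the mask
    // but then OR'd with 0xF, so it always ends up as F.
    return $byte & "\x0F" | "\x4F";
}

function setVersionFixed(string $byte): string
{
    // ($byte & "\x0F") | "\x40": low nibble kept, high nibble forced to 4.
    return $byte & "\x0F" | "\x40";
}

// Feed all 256 possible random input bytes through a masking function and
// return the sorted set of distinct output bytes it can produce.
function distinctOutputs(callable $setVersion): array
{
    $seen = [];
    for ($b = 0; $b < 256; ++$b) {
        $seen[ord($setVersion(chr($b)))] = true;
    }
    ksort($seen);
    return array_map(fn (int $v): string => sprintf('0x%02X', $v), array_keys($seen));
}

// Regression check a test suite could carry: over many random bytes the low
// nibble of byte 7 must not be constant. The buggy mask always fails this.
function lowNibbleVaries(callable $setVersion, int $samples = 64): bool
{
    $nibbles = [];
    for ($i = 0; $i < $samples; ++$i) {
        $nibbles[ord($setVersion(random_bytes(1))) & 0x0F] = true;
    }
    return count($nibbles) > 1;
}

foreach (['setVersionBuggy', 'setVersionFixed'] as $fn) {
    $outputs = distinctOutputs($fn);
    // Both variants leave the version nibble at 4, so a version check alone
    // cannot tell them apart; only the number of reachable values differs.
    printf("%s: %d distinct byte values (%s), low nibble varies: %s\n",
        $fn, count($outputs), implode(' ', $outputs),
        lowNibbleVaries($fn) ? 'yes' : 'no');
}
```

The 12-bit time_hi field is this byte's low nibble followed by byte 8, so the 16-to-1 collapse shown here is exactly the 4096-to-256 reduction the report describes.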