CVE-2021-29499: Use of Insufficiently Random Values

May 7, 2021 (updated May 19, 2021)

SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade.

References

nvd.nist.gov/vuln/detail/CVE-2021-29499

Code Behaviors & Features

Detect and mitigate CVE-2021-29499 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →