CVE-2021-29499: Use of Insufficiently Random Values
(updated )
SIF is an open source implementation of the Singularity Container Image Format. The siftool new
command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid
module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade.
References
Detect and mitigate CVE-2021-29499 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →