Advisory Database
  • Advisories
  • Dependency Scanning
  1. golang
  2. ›
  3. github.com/sylabs/singularity/internal/pkg/runtime/engines/singularity
  4. ›
  5. CVE-2021-33027

CVE-2021-33027: Insufficient Entropy

July 19, 2021 (updated July 28, 2021)

Sylabs Singularity Enterprise has Insufficient Entropy in a nonce value.

References

  • nvd.nist.gov/vuln/detail/CVE-2021-33027
  • support.sylabs.io/a/solutions/articles/42000086439

Detect and mitigate CVE-2021-33027 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 1.2.0 before 1.2.6, all versions starting from 1.3.0 before 1.3.4, all versions starting from 1.4.0 before 1.4.4, all versions starting from 1.5.0 before 1.5.4, all versions starting from 1.6.0 before 1.6.3

Fixed versions

  • 1.2.6
  • 1.3.4
  • 1.4.4
  • 1.5.4
  • 1.6.3

Solution

Upgrade to version 1.2.6, 1.3.4, 1.4.4, 1.5.4, or 1.6.3 or above

Impact 9.8 CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Learn more about CVSS

Source file

go/github.com/sylabs/singularity/internal/pkg/runtime/engines/singularity/CVE-2021-33027.yml

Spotted a mistake? Edit the file on GitLab.

  • Site Repo
  • About GitLab
  • Terms
  • Privacy Statement
  • Contact

Page generated Fri, 21 Mar 2025 12:15:04 +0000.