Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Predictable SIF UUID Identifiers
Vulnerability Description
SIF is an open source implementation of the Singularity Container Image Format. The `siftool new` command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the `github.com/satori/go.uuid` module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure the `ID` field is generated using a version of `github.com/satori/go.uuid` that is not vulnerable to this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
使用不充分的随机数
Vulnerability Title
Singularity Image Format 安全特征问题漏洞
Vulnerability Description
Singularity Image Format(SIF)是Singularity 团队(Singularity)的一个压缩的squashfs文件系统,它具有块的组织结构,包括元数据和用于容器的定义文件,首标,分区的内容,签名(如果存在的话),以及当然,二进制文件本身的容器。 Singularity Image Format 1.2.3之前版本存在安全特征问题漏洞,该漏洞源于github.com/satori/go.uuid模块的依赖版本中的随机性不安全。
CVSS Information
N/A
Vulnerability Type
N/A