You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@tez.apache.org by "Aman Raj (Jira)" <ji...@apache.org> on 2022/06/06 07:30:00 UTC

[jira] [Created] (TEZ-4426) [CVE-2018-1000620] Upgrade cryptiles version from 2.0.5 to 4.1.2 to fix vulnerability

Aman Raj created TEZ-4426:
-----------------------------

             Summary: [CVE-2018-1000620] Upgrade cryptiles version from 2.0.5 to 4.1.2 to fix vulnerability
                 Key: TEZ-4426
                 URL: https://issues.apache.org/jira/browse/TEZ-4426
             Project: Apache Tez
          Issue Type: Sub-task
            Reporter: Aman Raj


Versions of {{cryptiles}} prior to 4.1.2 are vulnerable to Insufficient Entropy. The {{randomDigits()}} method does not provide sufficient entropy and its generates digits that are not evenly distributed.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)