You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@tez.apache.org by "Aman Raj (Jira)" <ji...@apache.org> on 2022/06/06 07:30:00 UTC
[jira] [Created] (TEZ-4426) [CVE-2018-1000620] Upgrade cryptiles version from 2.0.5 to 4.1.2 to fix vulnerability
Aman Raj created TEZ-4426:
-----------------------------
Summary: [CVE-2018-1000620] Upgrade cryptiles version from 2.0.5 to 4.1.2 to fix vulnerability
Key: TEZ-4426
URL: https://issues.apache.org/jira/browse/TEZ-4426
Project: Apache Tez
Issue Type: Sub-task
Reporter: Aman Raj
Versions of {{cryptiles}} prior to 4.1.2 are vulnerable to Insufficient Entropy. The {{randomDigits()}} method does not provide sufficient entropy and its generates digits that are not evenly distributed.
--
This message was sent by Atlassian Jira
(v8.20.7#820007)