Uploaded image for project: 'Apache Tez'
  1. Apache Tez
  2. TEZ-4419 Upgrade node and yarn version and fix npm security issues in Tez UI module
  3. TEZ-4426

[CVE-2018-1000620] Upgrade cryptiles version from 2.0.5 to 4.1.2 to fix vulnerability

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.10.2
    • None
    • None

    Description

      Versions of cryptiles prior to 4.1.2 are vulnerable to Insufficient Entropy. The randomDigits() method does not provide sufficient entropy and its generates digits that are not evenly distributed.

      Attachments

        Issue Links

          links to

          Web Link GitHub Pull Request #227

          Activity

            People

              amanraj2520 Aman Raj
              amanraj2520 Aman Raj
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0h
                  0h
                  Logged:
                  Time Spent - 1h 10m
                  1h 10m