CVE-2021-29499

Name of the Vulnerable Software and Affected Versions SIF versions prior to v1.2.3

Description The issue is related to the github.com/satori/go.uuid module used as a dependency in SIF, which produces predictable UUID identifiers due to insecure randomness. This could allow a remote attacker to access confidential data. The siftool new command and siftool.New() function are affected.

Recommendations For versions prior to v1.2.3, upgrade to version >= v1.2.3 of the github.com/satori/go.uuid module to resolve the issue. As a temporary workaround, users passing CreateInfo struct should ensure the ID field is generated using a version of github.com/satori/go.uuid that is not vulnerable to this issue, such as the version obtained by running go get github.com/satori/go.uuid@75cca531ea763666bc46e531da3b4c3b95f64557.