CVE-2021-41532
maven/org.apache.ozone/ozone
Exposure of Resource to Wrong Sphere
In Apache Ozone, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.
All versions before 1.2.0
Upgrade to version 1.2.0 or above.
2021-11-22
source |