CVE-2021-39235
maven/org.apache.ozone/ozone-datanode
Incorrect Permission Assignment for Critical Resource
In Apache Ozone, Ozone Datanode does not check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
All versions before 1.2.0
Upgrade to version 1.2.0 or above.
2021-11-22
source |