CVE-2020-35215: Exposure of Resource to Wrong Sphere

December 17, 2021 (updated January 4, 2022)

An issue in Atomix v3.1.5 allows attackers to access sensitive information when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.

References

github.com/advisories/GHSA-g7p8-r2ch-4rmf
nvd.nist.gov/vuln/detail/CVE-2020-35215

Detect and mitigate CVE-2020-35215 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →