CVE-2021-41532: Exposure of Resource to Wrong Sphere

November 23, 2021

In Apache Ozone before 1.2.0, Recon HTTP endpoints provide access to OM, SCM and Datanode metadata. Due to a bug, any unauthenticated user can access the data from these endpoints.

References

github.com/advisories/GHSA-gc37-9g7f-96fx
nvd.nist.gov/vuln/detail/CVE-2021-41532

Detect and mitigate CVE-2021-41532 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →