Critical severity vulnerability was found in maven org.apache.ozone:ozone-main (maven) .

In Apache Ozone versions prior to 1.2.0, Various internal server-to-server RPC endpoints are available for connections, making it possible for an attacker to download raw data from Datanode and Ozone manager and modify Ratis replication configuration.

References


Courtesy:https://github.com/advisories/GHSA-3w5h-x4rh-hc28

By admin

Leave a Reply

Your email address will not be published. Required fields are marked *