io.atomix:atomix-cluster@3.0.5 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the io.atomix:atomix-cluster package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • Access Restriction Bypass (severity: High)

Affected versions of this package are vulnerable to Access Restriction Bypass: unauthorized Atomix nodes can join a target cluster by providing configuration information.

How to fix Access Restriction Bypass?

There is no fixed version for io.atomix:atomix-cluster.

Vulnerable versions: [0,)
  • Information Exposure (severity: Low)

Affected versions of this package are vulnerable to Information Exposure when a malicious Atomix node queries distributed variable primitives which contain the entire primitive lists that ONOS nodes use to share important states.

How to fix Information Exposure?

There is no fixed version for io.atomix:atomix-cluster.

Vulnerable versions: [0,)
  • Denial of Service (DoS) (severity: Medium)

Affected versions of this package are vulnerable to Denial of Service (DoS) via a Raft session flooding attack using Raft OpenSessionRequest messages.

How to fix Denial of Service (DoS)?

There is no fixed version for io.atomix:atomix-cluster.

Vulnerable versions: [0,)
  • Denial of Service (DoS) (severity: Low)

Affected versions of this package are vulnerable to Denial of Service (DoS) via false link event messages sent to a master ONOS node.

How to fix Denial of Service (DoS)?

There is no fixed version for io.atomix:atomix-cluster.

Vulnerable versions: [0,)
  • Improper Access Control (severity: Medium)

Affected versions of this package are vulnerable to Improper Access Control by allowing a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.

How to fix Improper Access Control?

There is no fixed version for io.atomix:atomix-cluster.

Vulnerable versions: [0,)
  • Access Restriction Bypass (severity: Medium)

Affected versions of this package are vulnerable to Access Restriction Bypass by allowing unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.

How to fix Access Restriction Bypass?

There is no fixed version for io.atomix:atomix-cluster.

Vulnerable versions: [0,)
  • Denial of Service (DoS) (severity: Medium)

Affected versions of this package are vulnerable to Denial of Service (DoS) via false member down event messages.

How to fix Denial of Service (DoS)?

Upgrade io.atomix:atomix-cluster to version 3.1.6 or higher.

Vulnerable versions: [,3.1.6)