Homepage
About Snyk

org.apache.hadoop:hadoop-hdds-server-framework@0.5.0-beta vulnerabilities

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the org.apache.hadoop:hadoop-hdds-server-framework package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass. Ozone Datanode does not check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.

How to fix Access Restriction Bypass?

Upgrade org.apache.hadoop:hadoop-hdds-server-framework to version 1.1.0 or higher.

[,1.1.0)
  • H
Access Restriction Bypass

Affected versions of this package are vulnerable to Access Restriction Bypass. Container-related Datanode requests of Ozone Datanode were not properly authorized and can be called by any client.

How to fix Access Restriction Bypass?

Upgrade org.apache.hadoop:hadoop-hdds-server-framework to version 1.2.0 or higher.

[,1.2.0)
Go back to all versions of this package