org.apache.hadoop:hadoop-ozone-s3gateway@0.4.0-alpha vulnerabilities
-
latest version
1.1.0
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
3 years ago
-
licenses detected
- [0.4.0-alpha,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.hadoop:hadoop-ozone-s3gateway package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.hadoop:hadoop-ozone-s3gateway is a distributed object store for Hadoop. Affected versions of this package are vulnerable to Improper Authorization. It allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys, thereby exposing data to anonymous clients or users. How to fix Improper Authorization? Upgrade |
[,1.1.0)
|
org.apache.hadoop:hadoop-ozone-s3gateway is a distributed object store for Hadoop. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the S3g landing page. How to fix Cross-site Scripting (XSS)? Upgrade |
[,0.4.1-alpha)
|