CVE-2020-35214
Description
An issue in Atomix v3.1.5 allows a malicious Atomix node to remove states of ONOS storage via abuse of primitive operations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A malicious Atomix node in v3.1.5 can abuse primitive operations to delete ONOS storage states, leading to data loss.
Vulnerability
Atomix v3.1.5 contains a flaw where a malicious node can abuse primitive operations to remove states from ONOS storage. The issue is in the distributed primitive implementation, allowing unauthorized deletion of state data. [1]
Exploitation
An attacker must have control of a node within the Atomix cluster. No authentication is required beyond being a participating node. The attacker can send crafted primitive operations that delete storage states, bypassing normal safeguards. [1]
Impact
Successful exploitation results in deletion of ONOS storage states, causing data loss and potential disruption of network operations. The attacker gains the ability to corrupt or destroy critical state information. [1]
Mitigation
As of the publication date (2021-12-16), no patch has been released. Users should monitor the Atomix project for updates. The affected version is v3.1.5. [2] No workaround is documented.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
io.atomix:atomixMaven | <= 3.1.5 | — |
Affected products
3- Atomix/Atomixdescription
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3- github.com/advisories/GHSA-m4h3-7mc2-v295ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-35214ghsaADVISORY
- docs.google.com/presentation/d/1wJi4QJko5ZCdADuzmAG9ed-nQLyJVkLBJf6cylAL71A/editghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.