Medium severity6.8NVD Advisory· Published Nov 19, 2021· Updated Jun 17, 2026
CVE-2021-39234
CVE-2021-39234
Description
In Apache Ozone versions prior to 1.2.0, Authenticated users knowing the ID of an existing block can craft specific request allowing access those blocks, bypassing other security checks like ACL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ozone:ozone-mainMaven | < 1.2.0 | 1.2.0 |
Affected products
2- Apache Software Foundation/Apache Ozonev5Range: 1.1
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2021/11/19/5nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-c8cw-2c5j-xff3ghsaADVISORY
- mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C97d65498-7f8c-366f-1bea-5a74b6378f0d%40apache.org%3EnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-39234ghsaADVISORY
News mentions
0No linked articles in our index yet.