Medium severity6.5NVD Advisory· Published Nov 19, 2021· Updated Jun 17, 2026
CVE-2021-39235
CVE-2021-39235
Description
In Apache Ozone before 1.2.0, Ozone Datanode doesn't check the access mode parameter of the block token. Authenticated users with valid READ block token can do any write operation on the same block.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
org.apache.ozone:ozone-mainMaven | < 1.2.0 | 1.2.0 |
Affected products
2- Apache Software Foundation/Apache Ozonev5Range: 1.0
Patches
Vulnerability mechanics
References
4- www.openwall.com/lists/oss-security/2021/11/19/6nvdMailing ListThird Party AdvisoryWEB
- github.com/advisories/GHSA-c6j7-4fr9-c76pghsaADVISORY
- mail-archives.apache.org/mod_mbox/ozone-dev/202111.mbox/%3C93f88246-4320-7423-0dac-ec7a07f47455%40apache.org%3EnvdMailing ListVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2021-39235ghsaADVISORY
News mentions
0No linked articles in our index yet.