CVE-2020-35211: An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node.

December 17, 2021 (updated January 4, 2022)

An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to become the lead node in a target cluster via manipulation of the variable terms in RaftContext.

References

github.com/advisories/GHSA-4jhc-wjr3-pwh2
nvd.nist.gov/vuln/detail/CVE-2020-35211

Code Behaviors & Features

Detect and mitigate CVE-2020-35211 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →