CVE-2020-35451: Concurrent Execution using Shared Resource with Improper Synchronization (Race Condition)

March 9, 2021 (updated March 12, 2021)

There is a race condition in OozieSharelibCLI in Apache Oozie which allows a malicious attacker to replace the files in Oozie’s sharelib during it’s creation.

References

lists.apache.org/thread.html/r8688debdb8b586aab3e53dee2d675fc9212de0ec627a8d3cd43b5ab5%40%3Cuser.oozie.apache.org%3E
lists.apache.org/thread.html/r8688debdb8b586aab3e53dee2d675fc9212de0ec627a8d3cd43b5ab5@%3Cuser.oozie.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2020-35451

Code Behaviors & Features

Detect and mitigate CVE-2020-35451 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →