CVE-2020-35451

Summary

There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.

Affected Software

VendorProductVersion RangeStatus
Apache Software FoundationApache Oozieunspecified < 5.2.1affected

Weaknesses

  • CWE-377: CWE-377 Insecure Temporary File

Workarounds

Validate the contents of the sharelib after uploading.

ADP Enrichment

CVE Program Container

Additional References

References