Description
Time-of-check to time-of-use (TOCTOU) race condition in org.onosproject.acl (aka the access control application) in ONOS v1.13 and earlier allows attackers to bypass network access control via data plane packet injection.
Remediation
References
https://gerrit.onosproject.org/#/c/18867/
https://wiki.onosproject.org/display/ONOS/Security+advisories
Related Vulnerabilities
CVE-2016-10703 Vulnerability in npm package ecstatic
CVE-2023-24807 Vulnerability in maven package org.webjars.npm:undici
CVE-2023-25158 Vulnerability in maven package org.geotools.jdbc:gt-jdbc-oracle
CVE-2022-31367 Vulnerability in npm package strapi
CVE-2020-6950 Vulnerability in maven package org.glassfish:jakarta.faces