Description
There is a race condition in OozieSharelibCLI in Apache Oozie before version 5.2.1 which allows a malicious attacker to replace the files in Oozie's sharelib during it's creation.
Remediation
References
https://lists.apache.org/thread.html/r8688debdb8b586aab3e53dee2d675fc9212de0ec627a8d3cd43b5ab5%40%3Cuser.oozie.apache.org%3E
http://www.openwall.com/lists/oss-security/2021/03/09/2
Related Vulnerabilities
CVE-2021-33036 Vulnerability in maven package org.apache.hadoop:hadoop-yarn-server-common
CVE-2021-27578 Vulnerability in maven package org.apache.zeppelin:zeppelin
CVE-2022-24999 Vulnerability in maven package org.webjars.npm:qs
CVE-2020-7648 Vulnerability in npm package snyk-broker
CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-war