rdblue opened a new issue, #16484: URL: https://github.com/apache/iceberg/issues/16484
> This issue was reported to the private Apache Iceberg security mailing list. The submitter is being kept anonymous because the report was sent to a private list. After review, the issue is not considered a serious vulnerability that needs to be kept private, so it is being filed publicly here for tracking and resolution. > > Note: this submission was generated by AI. Please review its claims and source references carefully before acting on them. # Summary `GCSOutputFile.create()` is enforced with a non-atomic existence check plus overwrite path, allowing races to overwrite objects. Two writers targeting the same object can both observe "does not exist" before either write becomes visible. The second writer then reaches the overwrite path even though the caller used `create()` specifically to require create-if-absent behavior. # Affected Maven coordinates * primary shipped client artifact: `org.apache.iceberg:iceberg-gcp` * bundle artifact: `org.apache.iceberg:iceberg-gcp-bundle` # Attacker prerequisites * ability to race another writer on the same GCS object path, or to trigger concurrent writes to the same metadata or data-file location * a deployment that relies on `GCSOutputFile.create()` for create-if-absent semantics # Impact * Another writer can create the object between the existence check and stream creation. * The second writer then overwrites the object even though `create()` is supposed to fail when the target already exists. * This is an integrity problem for metadata and data files. # Proof status Source review only. The issue is visible directly from source. # Key source references * org.apache.iceberg.gcp.gcs.GCSOutputFile * org.apache.iceberg.gcp.gcs.GCSOutputStream Current severity assessment [2]: Moderate [1] https://iceberg.apache.org/security/ [2] https://security.apache.org/blog/severityrating/ -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
