Gustavo Grieco <gustavo.grieco@xxxxxxx> writes: > Now that the cause of this issue is identified, i would like to > know if there is an impact in the security, so i can request a CVE > if necessary. I am inclined to say that it has no security implications. You have to be able to write a bogus loose object in an object store you already have write access to in the first place, in order to cause this read-only access that goes beyond what is allocated, so at the worst, what you can do is to hurt yourself, and you can already hurt yourself in various other ways.