ceph is vulnerable to denial of service. A NULL pointer exception allows an attacker to crash the RGW process via a malicious tagging XML.
access.redhat.com/errata/RHSA-2021:1518
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1827262
bugzilla.suse.com/show_bug.cgi?id=1170170
ceph.io/releases/v13-2-10-mimic-released/
docs.ceph.com/docs/master/releases/mimic/
tracker.ceph.com/issues/44967
usn.ubuntu.com/4528-1/