In MinIO before version RELEASE.2021-03-04T00-53-13Z it is possible to bypass a readOnly policy by creating a temporary 'mc share upload'
github.com/minio/minio RELEASE.2021-03-04T00-53-13Z => v0.0.0-20210304002810-c3217bd6ebc0
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-21362