Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
[
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"status": "affected",
"version": "Apache Storm 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier"
}
]
}
]