Critical severity vulnerability that affects org.apache.storm:storm-kafka and org.apache.storm:storm-kafka-client

2019-08-01T19:17:53
ID GHSA-25PC-85QF-6J69
Type github
Reporter GitHub Advisory Database
Modified 2019-08-08T15:09:11

Description

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.