Critical severity vulnerability that affects org.apache.storm:storm-kafka and org.apache.storm:storm-kafka-client

ID GHSA-25PC-85QF-6J69
Type github
Reporter GitHub Advisory Database
Modified 2019-08-08T15:09:11


In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.