15 matches found
EUVD-2026-21902
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
Deserialization of Untrusted Data
Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the TGT credential field via the Nimbus Thrift API, due to deserialization of base64-encoded data using ObjectInputStream.readObject without class filtering or validation. A user with topology...
GHSA-JF89-3Q6Q-VCGR Apache Storm: Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
CVE-2026-35337 Apache Storm Client: RCE through Unsafe Deserialization via Kerberos TGT Credential Handling
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
PT-2026-32328
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
Security Bulletin: SQL Injection Vulnerability in Apache Hive Metastore Server Thrift APIs, affects watsonx.data
Summary Apache Hive versions 4.1.0 before 4.2.0 are vulnerable to SQL injection in Hive Metastore Server when handling delete column statistics via Thrift APIs. Exploitation is limited to authorized users with API access. Upgrading to 4.2.0 or disabling direct SQL metastore.try.direct.sql=false...
SQL Injection
Apache Hive is vulnerable to SQL Injection. The vulnerability is due to improper handling of delete column statistics requests via Thrift APIs, which allows an authorized attacker to inject malicious SQL queries and manipulate backend database operations...
Apache Hive SQL Injection Vulnerability
Apache Hive is data warehouse software built on the Hadoop distributed systems infrastructure, from the Apache Foundation in the United States. The software provides a data integration approach and a high-level query language to support large-scale data analysis on Hadoop. Apache Hive...
EUVD-2018-0678
Malware in sbrugna...
MAL-2022-640 Malicious code in @thrift-api/request (npm)
Source: ghsa-malware fc7c546cee9e2a91fe9d45f7f261892c3bfb7d979a727786c4f77d1ac0be7e16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @thrift-api/request (npm)
Source: ghsa-malware fc7c546cee9e2a91fe9d45f7f261892c3bfb7d979a727786c4f77d1ac0be7e16 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in @thrift-api/drivertrade-web (npm)
Source: ghsa-malware 48fc4d9be4686667e8cfc3eddb9dd82bfdc9173ecc3ae88f35e626e66e515e68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-639 Malicious code in @thrift-api/drivertrade-web (npm)
Source: ghsa-malware 48fc4d9be4686667e8cfc3eddb9dd82bfdc9173ecc3ae88f35e626e66e515e68 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Race condition in org.apache.hbase:hbase-thrift
An issue in Apache HBase affects the optional "Thrift 1" API server when running over HTTP. There is a race-condition which could lead to authenticated sessions being incorrectly applied to users, e.g. one authenticated user would be considered a different user or an unauthenticated user would be...