3 matches found
org.apache.storm:flux-core (=1.1.0), org.apache.storm:storm-elasticsearch-examples (=1.1.0) +14 more potentially affected by CVE-2017-9799 via org.apache.storm:storm-core (=1.1.0)
org.apache.storm:storm-core MAVEN version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.storm:storm-core and may be impacted:
- org.apache.storm:flux-core =1.1.0
- org.apache.storm:storm-elasticsearch-examples =1.1.0
-...
com.accelerate-experience:storm-metrics-statsd (>=1.0.0 <=1.0.1), com.accelerate-experience:storm-rabbitmq (=1.0.0) +70 more potentially affected by CVE-2017-9799 via org.apache.storm:storm-core (>=1.0.0 <=1.0.3)
org.apache.storm:storm-core MAVEN version =1.0.0, =1.0.0, =0.1.0, =1.0, =1.0, =1.0, =1.3, =1.0, =1.0, =1.0, =1.0.0, =1.0.4
- com.github.ptgoetz:storm-jms =1.0.2
- com.github.ptgoetz:storm-signals =1.0.3
and more
Source cves: CVE-2017-9799
Source advisory: OSV:GHSA-X825-RJWW-2245...
CVE-2017-9799
CVE-2017-9799 affects Apache Storm 1.x prior to 1.0.4 and 1.1.x prior to 1.1.1. The issue allows a topology owner to trick the supervisor into launching a worker as a different, non-root user, enabling exposure of that user’s credentials. Impact is described as potential credential compromise and...