9 matches found
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
OESA-2021-1415 storm security update
Apache Storm realtime computation system Security Fixes: An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution RCE. Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x...
Command injection leading to Remote Code Execution in Apache Storm
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
GHSA-6768-MCJC-8223 Command injection leading to Remote Code Execution in Apache Storm
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
Apache Storm Command Injection Vulnerability
Apache Storm is a free and open source distributed real-time computing system. A command injection vulnerability exists in Apache Storm's getTopologyHistory service. An attacker can exploit this vulnerability by sending a specially crafted thrift request to the Nimbus server to achieve remote cod...
CVE-2021-38294
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
Command injection
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution RCE prior to authentication...
PT-2021-5193 · Apache · Apache Storm
Name of the Vulnerable Software and Affected Versions: Apache Storm versions 1.x prior to 1.2.4 Apache Storm versions 2.x prior to 2.2.1 Description: The issue is related to a Command Injection vulnerability in the getTopologyHistory service of Apache Storm. This vulnerability can be exploited by...
Bitdefender BOX 2 bootstrap download_image command injection vulnerability
Summary An exploitable command injection vulnerability exists in the bootstrap stage of Bitdefender BOX 2, versions 2.1.47.42 and 2.1.53.45. The API method /api/downloadimage unsafely handles the production firmware URL supplied by remote servers, leading to arbitrary execution of system commands...