4 matches found

Snyk
added 2026/04/13 12:31 p.m., 2 views

Deserialization of Untrusted Data

Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the TGT credential field via the Nimbus Thrift API, due to deserialization of base64-encoded data using ObjectInputStream.readObject without class filtering or validation. A user with topology...

CVSS 8.8, AI score 6.5, EPSS 0.01011
Exploits: 0, References: 2

OSV
added 2026/04/13 12:31 p.m., 5 views

GHSA-JF89-3Q6Q-VCGR Apache Storm: Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

CVSS 8.8, AI score 6.4, EPSS 0.01011
Exploits: 0, References: 4

Github Security Blog
added 2026/04/13 12:31 p.m., 7 views

Apache Storm: Deserialization of Untrusted Data vulnerability

Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...

CVSS 8.8, AI score 6.4, EPSS 0.01011
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2010/12/02 4:0 p.m., 74 views

CVE-2010-4021

CVE-2010-4021 affects MIT Kerberos 5 (krb5) 1.7, where the KDC may inappropriately allow TGT credentials to be used for armoring TGS requests. This can let a remote authenticated attacker impersonate a client by rewriting an inner request via problematic KrbFastArmoredReq handling. The issue is tied to iss...

CVSS 2.1, AI score 5.9, EPSS 0.02089
Exploits: 0, References: 17, Affected Software: 1