4 matches found
Deserialization of Untrusted Data
Overview: Affected versions of this package are vulnerable to Deserialization of Untrusted Data in the TGT credential field via the Nimbus Thrift API, due to deserialization of base64-encoded data using ObjectInputStream.readObject without class filtering or validation. A user with topology...
GHSA-JF89-3Q6Q-VCGR Apache Storm: Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
Apache Storm: Deserialization of Untrusted Data vulnerability
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
CVE-2010-4021
CVE-2010-4021 affects MIT Kerberos 5 (krb5) 1.7, where the KDC may inappropriately allow TGT credentials to be used for armoring TGS requests. This can let a remote authenticated attacker impersonate a client by rewriting an inner request via problematic KrbFastArmoredReq handling. The issue is tied to iss...