Storm@1.0.0 Security Vulnerabilities and Issues — Storm@1.0.0 CVE List

Lucene search

ApacheStorm1.0.0

3 matches found

CVE•added 2021/10/25 1:15 p.m.•113 views

CVE-2021-38294

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

9.8CVSS9.8AI score0.87807EPSS

CVE•added 2021/10/25 1:15 p.m.•90 views

CVE-2021-40865

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x us...

9.8CVSS9.6AI score0.49399EPSS

CVE•added 2018/07/10 5:29 p.m.•59 views

CVE-2018-1331

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

8.8CVSS8.8AI score0.06549EPSS