Storm@1.2.1 Security Vulnerabilities and Issues — Storm@1.2.1 CVE List

Lucene search

ApacheStorm1.2.1

3 matches found

CVE•added 2018/06/05 7:29 p.m.•74 views

CVE-2018-1332

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

6.5CVSS6.2AI score0.0043EPSS

CVE•added 2018/06/05 7:29 p.m.•71 views

CVE-2018-8008

Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames. So ...

5.8CVSS5.8AI score0.1535EPSS

CVE•added 2018/07/10 5:29 p.m.•59 views

CVE-2018-1331

In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

8.8CVSS8.8AI score0.06549EPSS