Storm@2.1.0 Security Vulnerabilities and Issues — Storm@2.1.0 CVE List

Lucene search

ApacheStorm2.1.0

2 matches found

CVE•added 2021/10/25 1:15 p.m.•113 views

CVE-2021-38294

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

9.8CVSS9.8AI score0.87807EPSS

CVE•added 2021/10/25 1:15 p.m.•90 views

CVE-2021-40865

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x us...

9.8CVSS9.6AI score0.49399EPSS