Lucene search
Veracode Vulnerability DatabaseVERACODE:7010HistoryJul 11, 2018 - 2:52 a.m.
Remote Code Execution (RCE)
2018-07-1102:52:53
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
6
0.01 Low
EPSS
Percentile
83.9%
Apache Storm is vulnerable to remote code execution. The vulnerability is possible when an attacker can get access to secure storm cluster, leading to arbitrary code execution as another user.
| CPE | Name | Operator | Version |
|---|---|---|---|
| storm core | le | 1.2.1 | |
| storm core | le | 1.1.2 | |
| storm core | le | 0.10.2 | |
| storm core | le | 1.0.6 |
References
storm.apache.org/2018/06/04/storm113-released.html
storm.apache.org/2018/06/04/storm122-released.html
www.openwall.com/lists/oss-security/2018/07/10/4
www.securityfocus.com/bid/104732
www.securitytracker.com/id/1041273
github.com/apache/storm/commit/efad4cca2d7d461f5f8c08a0d7b51fabeb82d0af
github.com/apache/storm/commit/f61e5daf299d6c37c7ad65744d02556c94a16a4b
Related
nvd
nvd
CVE-2018-1331
2018-07-10 17:29:00
github
github
Code execution in org.apache.storm:storm-core
2018-10-17 19:48:06
cve
cve
CVE-2018-1331
2018-07-10 17:29:00
osv
osv
High severity vulnerability that affects org.apache.storm:storm-core
2018-10-17 19:48:06
CVE-2018-1331
2018-07-10 17:29:00
prion
prion
Code injection
2018-07-10 17:29:00
cvelist
cvelist
CVE-2018-1331
2018-07-10 00:00:00