Apache Storm is vulnerable to remote code execution. The vulnerability is possible when an attacker can get access to secure storm cluster, leading to arbitrary code execution as another user.
CPE | Name | Operator | Version |
---|---|---|---|
storm core | le | 1.2.1 | |
storm core | le | 1.1.2 | |
storm core | le | 0.10.2 | |
storm core | le | 1.0.6 |
storm.apache.org/2018/06/04/storm113-released.html
storm.apache.org/2018/06/04/storm122-released.html
www.openwall.com/lists/oss-security/2018/07/10/4
www.securityfocus.com/bid/104732
www.securitytracker.com/id/1041273
github.com/apache/storm/commit/efad4cca2d7d461f5f8c08a0d7b51fabeb82d0af
github.com/apache/storm/commit/f61e5daf299d6c37c7ad65744d02556c94a16a4b