An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
References
Link | Resource |
---|---|
https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E | Mailing List Vendor Advisory |
https://seclists.org/oss-sec/2021/q4/45 | Mailing List Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: apache
Published: 2021-10-25T12:22:37
Updated: 2021-10-25T12:22:37
Reserved: 2021-09-12T00:00:00
Link: CVE-2021-40865
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-10-25T13:15:08.140
Modified: 2021-10-28T17:54:04.653
Link: CVE-2021-40865
JSON object: View
Redhat Information
No data.
CWE