An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0 Apache Storm 2.1.x users should upgrade to version 2.1.1 Apache Storm 1.x users should upgrade to version 1.2.4
References
History
No history.

Status: PUBLISHED
Assigner: apache
Published:
Updated: 2024-08-04T02:51:07.676Z
Reserved: 2021-09-12T00:00:00
Link: CVE-2021-40865

No data.

Status : Modified
Published: 2021-10-25T13:15:08.140
Modified: 2024-11-21T06:24:58.080
Link: CVE-2021-40865

No data.

No data.