oss-sec mailing list archives
CVE-2018-1331: Apache Storm remote code execution vulnerability
From: Bobby Evans <bobby () apache org>
Date: Tue, 10 Jul 2018 10:31:48 -0500
[CVEID]:CVE-2018-1331 [PRODUCT]:Apache Storm [VERSION]:Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, 1.2.0 through 1.2.1 [PROBLEMTYPE]:Remote Code Execution [REFERENCES]: http://storm.apache.org/2018/06/04/storm122-released.html http://storm.apache.org/2018/06/04/storm113-released.html An attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Current thread:
- CVE-2018-1331: Apache Storm remote code execution vulnerability Bobby Evans (Jul 10)