oss-sec mailing list archives

CVE-2018-1331: Apache Storm remote code execution vulnerability


From: Bobby Evans <bobby () apache org>
Date: Tue, 10 Jul 2018 10:31:48 -0500

[CVEID]:CVE-2018-1331
[PRODUCT]:Apache Storm
[VERSION]:Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0
through 1.1.2, 1.2.0 through 1.2.1
[PROBLEMTYPE]:Remote Code Execution
[REFERENCES]: http://storm.apache.org/2018/06/04/storm122-released.html
http://storm.apache.org/2018/06/04/storm113-released.html

An attacker with access to a secure Storm cluster in some cases could
execute arbitrary code as a different user.
