oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

[CVE-2018-1320] Apache Storm vulnerable Thrift version

From: Stig Rohde Døssing <srdo () apache org>
Date: Wed, 24 Jul 2019 09:26:45 +0200
[CVEID]:CVE-2018-1320[PRODUCT]:Apache Storm[VERSION]:Apache Storm
0.9.1-incubating to 1.2.2[PROBLEMTYPE]:CWE-20: Input
Validation[DESCRIPTION]:Apache Storm versions 0.9.1-incubating to
1.2.2
              use Thrift library versions vulnerable to CVE-2018-1320.

Mitigation: Upgrade to Apache Storm 1.2.3 or later.

Credit: Arun Mahadevan for discovery and fix
Previous By Date Next
Previous By Thread Next

Current thread: