CVE-2021-40865

Published: Oct 25, 2021

Modified: Aug 4, 2024

PUBLISHED

Description

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server, allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4.

Vendor: Apache Software Foundation

Product: Apache Storm

Versions:

affected: v1.0.0 - < Apache Storm *
affected: Apache Storm - < v1.2.4

Weaknesses (CWE)
