CVE-2021-40865

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
Configurations

Configuration 1

cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:storm:*:*:*:*:*:*:*:*

Information

Published : 2021-10-25 01:15

Updated : 2021-10-28 05:54


NVD link : CVE-2021-40865

Mitre link : CVE-2021-40865

Products Affected
No products.
CWE
CWE-502

Deserialization of Untrusted Data