WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-40865 Vulnerability in maven package org.apache.storm:storm-server

Description

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4

Remediation

References

https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E

https://seclists.org/oss-sec/2021/q4/45

Related Vulnerabilities

CVE-2023-50775 Vulnerability in maven package org.jenkins-ci.plugins:ec2-deployment-dashboard

CVE-2020-11969 Vulnerability in maven package org.apache.tomee:openejb-core

CVE-2021-28657 Vulnerability in maven package org.apache.tika:tika-parsers

CVE-2021-45851 Vulnerability in npm package @frangoteam/fuxa

CVE-2023-27296 Vulnerability in maven package org.apache.inlong:manager-pojo

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory Third Party Advisory