Description
An unsafe deserialization vulnerability exists in the worker services of the Apache Storm supervisor server, allowing pre-authentication Remote Code Execution (RCE).
Remediation
Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4.
References
https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E
https://seclists.org/oss-sec/2021/q4/45
Related Vulnerabilities
CVE-2021-31404 Vulnerability in maven package com.vaadin:flow-server
CVE-2023-40178 Vulnerability in npm package @node-saml/node-saml
CVE-2023-32989 Vulnerability in maven package org.jenkins-ci.plugins:azure-vm-agents
CVE-2022-42890 Vulnerability in maven package org.apache.xmlgraphics:batik-script
CVE-2022-36889 Vulnerability in maven package org.jenkins-ci.plugins:deployer-framework