Security Advisory

CVE-2021-40865

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-10-25 12:22:37
Last updated 2024-08-04 02:51:07
Assigner apache
State PUBLISHED

Description

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4