Lucene search
ApacheCVELIST:CVE-2021-40865HistoryOct 25, 2021 - 12:22 p.m.
CVE-2021-40865 Unsafe Pre-Authentication Deserialization In Workers
2021-10-2512:22:37
CWE-502
apache
www.cve.org
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
CNA Affected
[
{
"product": "Apache Storm",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "Apache Storm *",
"status": "affected",
"version": "v1.0.0",
"versionType": "custom"
},
{
"changes": [
{
"at": "v2.1.1",
"status": "unaffected"
},
{
"at": "v2.2.1",
"status": "unaffected"
},
{
"at": "v2.3.0",
"status": "unaffected"
}
],
"lessThan": "v1.2.4",
"status": "affected",
"version": "Apache Storm",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-40865
2021-10-25 13:15:08
cnvd
cnvd
Apache Storm code issue vulnerability
2021-10-26 00:00:00
prion
prion
Deserialization of untrusted data
2021-10-25 13:15:00
f5
f5
K44104514 : Apache Storm vulnerability CVE-2021-40865
2021-12-21 00:00:00
github
github
nvd
nvd
CVE-2021-40865
2021-10-25 13:15:08
cve
cve
CVE-2021-40865
2021-10-25 13:15:08
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Apache Storm
2021-11-26 10:09:40
checkpoint_advisories
checkpoint_advisories
Apache Storm Remote Code Execution (CVE-2021-40865)
2022-02-28 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2021-10-27 05:09:54
nessus
nessus
