The Apache Storm UI daemon is vulnerable to deserialization of untrusted objects. When it is used with the storm-kafka-client or storm-kafka modules, it does not filter untrusted input bytes before deserialization, allowing an attacker to supply malicious bytes that abuse the application's logic.
CPE

Name | Operator | Version
---|---|---
storm core | le | 1.2.2