Apache Storm is vulnerable to arbitrary file writes. The vulnerability exists because filenames are not sanitized, so path-traversal filenames are accepted and files can be written to arbitrary locations during the unzipping process.
CPE

Name | Operator | Version |
---|---|---|
storm core | le | 1.2.1 |
storm core | le | 1.0.6 |
storm core | le | 1.1.2 |