WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-40865 Vulnerability in maven package org.apache.storm:storm-server

Description

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4

Remediation

References

https://lists.apache.org/thread.html/r8d45e74299897b6734dd0f788c46a631009ce2eeb731523386f7a253%40%3Cuser.storm.apache.org%3E

https://seclists.org/oss-sec/2021/q4/45

Related Vulnerabilities

CVE-2022-24858 Vulnerability in npm package next-auth

CVE-2022-0624 Vulnerability in maven package org.webjars.npm:parse-path

CVE-2020-1947 Vulnerability in maven package org.apache.shardingsphere:shardingsphere

CVE-2023-2968 Vulnerability in npm package proxy

CVE-2019-10392 Vulnerability in maven package org.jenkins-ci.plugins:git-client

Severity

Critical

Classification

CWE-502 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Mailing List Vendor Advisory Third Party Advisory