CVE-2018-11779

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-11779

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-11779.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2018-11779

Aliases

GHSA-25pc-85qf-6j69

Related

Published

2019-07-26T00:15:10Z

Modified

2024-09-03T02:03:55.199844Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.

References

https://lists.apache.org/thread.html/3e4f704c4bd9296405a07a0290b8cbb6cbf5046e277efe6d93280a98%40%3Cuser.storm.apache.org%3E

Affected packages

Git / github.com/apache/storm

Affected ranges

Type: GIT
Repo: https://github.com/apache/storm
Events: Introduced

e40d213de7067f7d3aa4d4992b81890d8ed6ff31

Last affected

d2d6f40344e6cc92ab07f3a462d577ef6b61f8b1

Affected versions

v1.*

v1.1.0

v1.2.0

v1.2.1

v1.2.2