In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user-provided bytes into a Java class.
History
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
References | | |
Information
Published : 2019-07-26 00:15
Updated : 2024-02-28 17:08
NVD link : CVE-2018-11779
Mitre link : CVE-2018-11779
CVE.ORG link : CVE-2018-11779
Products Affected
apache
- storm
CWE
CWE-502
Deserialization of Untrusted Data