CVE-2018-11779
Published: 2019-07-26
Severity: critical, 9.8 (CVSS 3.0)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | storm | — | — |
| apache | storm | 1.1.0 – 1.2.2 | — |