CVE-2021-40865
published 2021-10-25CVE-2021-40865: An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE)…
critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | storm | >= 1.0.0 < 1.2.4 | 1.2.4 |
| apache | storm | >= 2.1.0 < 2.1.1 | 2.1.1 |
| apache | storm | >= 2.2.0 < 2.2.1 | 2.2.1 |
| apache_software_foundation | apache_storm | >= Apache Storm < v1.2.4 | v1.2.4 |
| apache_software_foundation | apache_storm | >= v1.0.0 < Apache Storm * | Apache Storm * |