CVE-2018-11779

CVSS v3.0 9.8 (Critical)

CVSS v2.0 7.5 (High)

EPSS 0.29 % (69^th)

Affected Products 1

Advisories 3

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.

Weaknesses

CWE-502: Deserialization of Untrusted Data

CVE Status: PUBLISHED
CNA: Apache Software Foundation
Published Date: 2019-07-26 00:15:10
(5 years ago)
Updated Date: 2023-11-07 02:51:46
(10 months ago)

Affected Products

Apache

Storm

Configuration #1

		CPE23	From	Up To
	Apache Storm from 1.1.0 version and 1.2.2 and prior versions	cpe:2.3:a:apache:storm	>= 1.1.0	<= 1.2.2