org.apache.storm:storm-core 0.10.0-beta1

Direct Vulnerabilities

Known vulnerabilities in the org.apache.storm:storm-core package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Information Exposure org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Information Exposure via the `Logviewer` daemon. It allows an attacker to read or search log files of the host's file system that were not intended to be accessible via the `HTTP`-accessible endpoints. How to fix Information Exposure? Upgrade `org.apache.storm:storm-core` to version 1.2.3 or higher.	[0.9.1-incubating,1.2.3)
H Arbitrary Code Execution org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user. How to fix Arbitrary Code Execution? Upgrade `org.apache.storm:storm-core` to versions 1.1.3, 1.2.2 or higher.	[,1.2.2)[1.1.0,1.1.3)
M User Impersonation org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to User Impersonation when communicating with some Storm Daemons. How to fix User Impersonation? Upgrade `org.apache.storm:storm-core` to versions 1.2.2, 1.1.3 or higher.	[,1.1.3)[1.2.0,1.2.2)
M Arbitrary File Write via Archive Extraction (Zip Slip) org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `org.apache.storm:storm-core` to version 1.1.3, 1.2.2 or higher.	[,1.1.3)[1.2.0,1.2.2)

Vulnerability

Vulnerable Version

Information Exposure

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to Information Exposure via the Logviewer daemon. It allows an attacker to read or search log files of the host's file system that were not intended to be accessible via the HTTP-accessible endpoints.

How to fix Information Exposure?

Upgrade org.apache.storm:storm-core to version 1.2.3 or higher.

[0.9.1-incubating,1.2.3)

Arbitrary Code Execution

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

How to fix Arbitrary Code Execution?

Upgrade org.apache.storm:storm-core to versions 1.1.3, 1.2.2 or higher.

[,1.2.2)[1.1.0,1.1.3)

User Impersonation

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to User Impersonation when communicating with some Storm Daemons.

How to fix User Impersonation?

Upgrade org.apache.storm:storm-core to versions 1.2.2, 1.1.3 or higher.

[,1.1.3)[1.2.0,1.2.2)

Arbitrary File Write via Archive Extraction (Zip Slip)

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip).

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade org.apache.storm:storm-core to version 1.1.3, 1.2.2 or higher.

[,1.1.3)[1.2.0,1.2.2)

org.apache.storm:storm-core@0.10.0-beta1

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically