org.apache.storm:storm-core 0.9.2-incubating vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.apache.storm:storm-core package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
H Information Exposure org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Information Exposure via the `Logviewer` daemon. It allows an attacker to read or search log files of the host's file system that were not intended to be accessible via the `HTTP`-accessible endpoints. How to fix Information Exposure? Upgrade `org.apache.storm:storm-core` to version 1.2.3 or higher.	[0.9.1-incubating,1.2.3)
H Arbitrary Code Execution org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user. How to fix Arbitrary Code Execution? Upgrade `org.apache.storm:storm-core` to versions 1.1.3, 1.2.2 or higher.	[,1.2.2)[1.1.0,1.1.3)
M User Impersonation org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to User Impersonation when communicating with some Storm Daemons. How to fix User Impersonation? Upgrade `org.apache.storm:storm-core` to versions 1.2.2, 1.1.3 or higher.	[,1.1.3)[1.2.0,1.2.2)
M Arbitrary File Write via Archive Extraction (Zip Slip) org.apache.storm:storm-core is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip). How to fix Arbitrary File Write via Archive Extraction (Zip Slip)? Upgrade `org.apache.storm:storm-core` to version 1.1.3, 1.2.2 or higher.	[,1.1.3)[1.2.0,1.2.2)

Vulnerability

Vulnerable Version

Information Exposure

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to Information Exposure via the Logviewer daemon. It allows an attacker to read or search log files of the host's file system that were not intended to be accessible via the HTTP-accessible endpoints.

How to fix Information Exposure?

Upgrade org.apache.storm:storm-core to version 1.2.3 or higher.

[0.9.1-incubating,1.2.3)

Arbitrary Code Execution

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to Arbitrary Code Execution. An attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.

How to fix Arbitrary Code Execution?

Upgrade org.apache.storm:storm-core to versions 1.1.3, 1.2.2 or higher.

[,1.2.2)[1.1.0,1.1.3)

User Impersonation

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to User Impersonation when communicating with some Storm Daemons.

How to fix User Impersonation?

Upgrade org.apache.storm:storm-core to versions 1.2.2, 1.1.3 or higher.

[,1.1.3)[1.2.0,1.2.2)

Arbitrary File Write via Archive Extraction (Zip Slip)

org.apache.storm:storm-core is a distributed realtime computation system.

Affected versions of this package are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip).

How to fix Arbitrary File Write via Archive Extraction (Zip Slip)?

Upgrade org.apache.storm:storm-core to version 1.1.3, 1.2.2 or higher.

[,1.1.3)[1.2.0,1.2.2)

org.apache.storm:storm-core@0.9.2-incubating vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package manager

Direct Vulnerabilities

How to fix?