org.apache.storm:storm-server@2.1.0 vulnerabilities
-
latest version
2.6.2
-
latest non vulnerable version
-
first published
5 years ago
-
latest version published
a month ago
-
licenses detected
- [2.0.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.apache.storm:storm-server package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.apache.storm:storm-server is a distributed realtime computation system. Affected versions of this package are vulnerable to Exposure of Sensitive Information to an Unauthorized Actor via the Note: This is only exploitable if 'java.io.tmpdir' system property is not explicitly set and 'ui.disable.spout.lag.monitoring' is set to false. Also, the impact is limited as the temporary file gets deleted soon after its creation. This vulnerability does not impact modern MacOS Operating Systems. How to fix Exposure of Sensitive Information to an Unauthorized Actor? Upgrade |
[2.0.0,2.6.0)
|
org.apache.storm:storm-server is a distributed realtime computation system. Affected versions of this package are vulnerable to Arbitrary Command Injection which exists in the How to fix Arbitrary Command Injection? Upgrade |
[2.2.0,2.2.1)
[2.1.0,2.1.1)
[1.0.0,1.2.4)
|
org.apache.storm:storm-server is a distributed realtime computation system. Affected versions of this package are vulnerable to Deserialization of Untrusted Data which exists in the worker services of the package. This, allowing pre-auth Remote Code Execution (RCE). How to fix Deserialization of Untrusted Data? Upgrade |
[2.2.0,2.2.1)
[2.1.0,2.1.1)
[1.0.0,1.2.4)
|