CVE-2018-1331
HIGH8.8EPSS 5.1%Code execution in org.apache.storm:storm-core
發布日:2018/10/17修改日:2024/12/1
描述
In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
受影響套件(1)
- Maven/org.apache.storm:storm-core>= 1.2.0, < 1.2.2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
參考連結(7)
- ADVISORYhttps://github.com/advisories/GHSA-p8jx-x2vw-wm33
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-1331
- WEBhttp://storm.apache.org/2018/06/04/storm113-released.html
- WEBhttp://storm.apache.org/2018/06/04/storm122-released.html
- WEBhttp://www.openwall.com/lists/oss-security/2018/07/10/4
- WEBhttp://www.securityfocus.com/bid/104732
- WEBhttp://www.securitytracker.com/id/1041273