VYPR
High severityNVD Advisory· Published Jul 25, 2019· Updated Aug 4, 2024

CVE-2019-0202

CVE-2019-0202

Description

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.storm:storm-coreMaven
>= 0.9.1-incubating, < 1.2.31.2.3

Affected products

175

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.