Maven package
org.apache.storm/storm-kafka
pkg:maven/org.apache.storm/storm-kafka
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-11779 | — | >= 1.1.0, < 1.2.3 | 1.2.3 | Jul 25, 2019 | In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. |
- CVE-2018-11779Jul 25, 2019affected >= 1.1.0, < 1.2.3fixed 1.2.3
In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.