VYPR

Maven package

org.apache.storm/storm-kafka-client

pkg:maven/org.apache.storm/storm-kafka-client

Vulnerabilities (1)

  • CVE-2018-11779Jul 25, 2019
    affected >= 1.1.0, < 1.2.3fixed 1.2.3

    In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.