Maven package
org.apache.storm/storm-metrics-prometheus
pkg:maven/org.apache.storm/storm-metrics-prometheus
Vulnerabilities (1)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40557 | Med | 4.8 | >= 2.6.3, < 2.8.7 | 2.8.7 | Apr 27, 2026 | Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validat |
- affected >= 2.6.3, < 2.8.7fixed 2.8.7
Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description: In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validat