VYPR

Maven package

org.apache.storm/storm-metrics-prometheus

pkg:maven/org.apache.storm/storm-metrics-prometheus

Vulnerabilities (1)

  • CVE-2026-40557MedApr 27, 2026
    affected >= 2.6.3, < 2.8.7fixed 2.8.7

    Improper Certificate Validation via Global SSL Context Downgrade in Apache Storm Prometheus Reporter Versions Affected: from 2.6.3 to 2.8.6 Description:  In production deployments where an administrator enables storm.daemon.metrics.reporter.plugin.prometheus.skip_tls_validat