In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Storm | Apache | 0.10.0 (excluding) | 0.10.2 (including) |
Storm | Apache | 1.0.0 (including) | 1.0.6 (including) |
Storm | Apache | 1.1.0 (excluding) | 1.1.2 (including) |
Storm | Apache | 1.2.0 (including) | 1.2.1 (including) |