Vulnerabilities > Apache > Storm > 0.9.0

DATE CVE VULNERABILITY TITLE RISK
2018-06-05 CVE-2018-8008 Path Traversal vulnerability in Apache Storm
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose an arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar, xz, war, cpio, 7z), that holds path traversal filenames.
local
low complexity
apache CWE-22
5.5
5.5
2018-06-05 CVE-2018-1332 Information Exposure vulnerability in Apache Storm
Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.
network
low complexity
apache CWE-200
6.5
6.5