Vulnerabilities > Apache > Storm > 1.2.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-10-25 | CVE-2021-38294 | OS Command Injection vulnerability in Apache Storm A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. | 9.8 |
| 2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 9.8 |
| 2019-07-26 | CVE-2019-0202 | Information Exposure Through Log Files vulnerability in Apache Storm The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. | 7.5 |
| 2019-07-26 | CVE-2018-11779 | Deserialization of Untrusted Data vulnerability in Apache Storm In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class. | 9.8 |