Vulnerabilities > Apache > Storm > 1.2.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-25 | CVE-2021-38294 | OS Command Injection vulnerability in Apache Storm A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. | 9.8 |
2021-10-25 | CVE-2021-40865 | Deserialization of Untrusted Data vulnerability in Apache Storm An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). | 9.8 |