Vulnerabilities > Apache > Storm > 2.2.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-23 CVE-2023-43123 Unspecified vulnerability in Apache Storm
On unix-like systems, the temporary directory is shared between all user.
local
low complexity
apache
5.5
5.5
2021-10-25 CVE-2021-38294 OS Command Injection vulnerability in Apache Storm
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4.
network
low complexity
apache CWE-78
critical
 9.8
9.8
2021-10-25 CVE-2021-40865 Deserialization of Untrusted Data vulnerability in Apache Storm
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE).
network
low complexity
apache CWE-502
7.5
7.5