CVE-2021-40865 is a vulnerability in Apache Storm
Published on October 25, 2021
Unsafe Pre-Authentication Deserialization In Workers
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server, allowing pre-authentication Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4.
Weakness Type
What is a Marshaling, Unmarshaling Vulnerability?
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
CVE-2021-40865 has been classified as a Marshaling, Unmarshaling vulnerability or weakness.
Products Associated with CVE-2021-40865
Affected Versions
Apache Software Foundation Apache Storm:
- Version v1.0.0 and below is affected (listed as Apache Storm *).
- Version v1.2.4 and below is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.