You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@storm.apache.org by Stig Rohde Døssing <sr...@apache.org> on 2019/07/24 07:24:22 UTC

[CVE-2018-1320] Apache Storm vulnerable Thrift version

[CVEID]:CVE-2018-1320[PRODUCT]:Apache Storm[VERSION]:Apache Storm
0.9.1-incubating to 1.2.2[PROBLEMTYPE]:CWE-20: Input
Validation[DESCRIPTION]:Apache Storm versions 0.9.1-incubating to
1.2.2
              use Thrift library versions vulnerable to CVE-2018-1320.

Mitigation: Upgrade to Apache Storm 1.2.3 or later.

Credit: Arun Mahadevan for discovery and fix