Unsafe Deserialization Vulnerability in Apache Storm Supervisor Server Allows Pre-Auth Remote Code Execution

Unsafe Deserialization Vulnerability in Apache Storm Supervisor Server Allows Pre-Auth Remote Code Execution

CVE-2021-40865 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4

Learn more about our Cis Benchmark Audit For Apache Http Server.