[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] [CVE-2018-1320] Apache Storm vulnerable Thrift version
From: Stig_Rohde_Døssing <srdo () apache ! org>
Date: 2019-07-24 7:26:45
Message-ID: CAG09ER1gaptDPN3W-03BTQh_-P1Ta-GWicCprr_VLOz_FARagA () mail ! gmail ! com
[Download RAW message or body]
[CVEID]:CVE-2018-1320[PRODUCT]:Apache Storm[VERSION]:Apache Storm
0.9.1-incubating to 1.2.2[PROBLEMTYPE]:CWE-20: Input
Validation[DESCRIPTION]:Apache Storm versions 0.9.1-incubating to
1.2.2
use Thrift library versions vulnerable to CVE-2018-1320.
Mitigation: Upgrade to Apache Storm 1.2.3 or later.
Credit: Arun Mahadevan for discovery and fix
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic