[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] [CVE-2018-1320] Apache Storm vulnerable Thrift version
From:       Stig_Rohde_Døssing <srdo () apache ! org>
Date:       2019-07-24 7:26:45
Message-ID: CAG09ER1gaptDPN3W-03BTQh_-P1Ta-GWicCprr_VLOz_FARagA () mail ! gmail ! com
[Download RAW message or body]


[CVEID]:CVE-2018-1320[PRODUCT]:Apache Storm[VERSION]:Apache Storm
0.9.1-incubating to 1.2.2[PROBLEMTYPE]:CWE-20: Input
Validation[DESCRIPTION]:Apache Storm versions 0.9.1-incubating to
1.2.2
              use Thrift library versions vulnerable to CVE-2018-1320.

Mitigation: Upgrade to Apache Storm 1.2.3 or later.

Credit: Arun Mahadevan for discovery and fix


[prev in list] [next in list] [prev in thread] [next in thread]