CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-02-12 18:42:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
CVEs-PoC/2021/CVE-2021-40865.md
0xMarcio cb00e1339f Update CVE list 2025-09-29 21:09
2025-09-29 21:09:30 +02:00

26 lines
1.3 KiB
Markdown
Raw Permalink Blame History

### [CVE-2021-40865](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40865)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20Storm&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=Apache%20Storm%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Version&message=v1.0.0%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-502%20Deserialization%20of%20Untrusted%20Data&color=brightgreen)
### Description
An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE). Apache Storm 2.2.x users should upgrade to version 2.2.1 or 2.3.0. Apache Storm 2.1.x users should upgrade to version 2.1.1. Apache Storm 1.x users should upgrade to version 1.2.4
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/hktalent/CVE-2021-40865
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/soosmile/POC
Reference in New Issue View Git Blame Copy Permalink