A Command Injection vulnerability... CVE-2021-38294

7.5 AV AC AU C I A
发布: 2021-10-25
修订: 2021-11-23

A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.

0%
当前有1条漏洞利用/PoC
当前有3条受影响产品信息