Apache Storm version 1.0.6 and earlier, 1.2.1 and earlier, and version 1.1.2 and earlier expose a vulnerability that could allow a user to impersonate another user when communicating with some Storm Daemons.

Affected Packages

Maven org.apache.storm:storm-core

Affected versions: 0 (fixed in 1.1.3)

Maven org.apache.storm:storm-core

Affected versions: 1.2.0 (fixed in 1.2.2)

Related CVEs

CVE-2018-1332

Key Information

GHSA ID

GHSA-q35p-chc6-7x57

Published

October 17, 2018 7:48 PM

Last Modified

September 16, 2021 7:20 PM

CVSS Score

5.0 /10

Primary Ecosystem

Maven

Primary Package

org.apache.storm:storm-core

GitHub Reviewed

✓ Yes

Dataset

Last updated: July 28, 2025 6:37 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.