CVE-2021-38294 in Storm
الملخص
بحسب MITRE • 25/10/2021
A Command Injection vulnerability exists in the getTopologyHistory service of the Apache Storm 2.x prior to 2.2.1 and Apache Storm 1.x prior to 1.2.4. A specially crafted thrift request to the Nimbus server allows Remote Code Execution (RCE) prior to authentication.
If you want to get best quality of vulnerability data, you may have to visit VulDB.