CVE-2021-40865: Deserialization of Untrusted Data

October 25, 2021 (updated October 28, 2021)

An Unsafe Deserialization vulnerability exists in the worker services of the Apache Storm supervisor server allowing pre-auth Remote Code Execution (RCE).

References

nvd.nist.gov/vuln/detail/CVE-2021-40865
seclists.org/oss-sec/2021/q4/45

Detect and mitigate CVE-2021-40865 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →