{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "0.10.2" }, { "introduced": "1.0.0" }, { "last_affected": "1.0.6" }, { "introduced": "0" }, { "last_affected": "1.1.2" }, { "introduced": "1.2.0" }, { "last_affected": "1.2.1" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "d8e4a3b59e6a97165ff769f11c9d4d2d3ecbb9dc" }, { "introduced": "dba655a47aaad74f26b9bb9a75fa52c0eedd8b1e" }, { "last_affected": "7993db01580ce62d44866dc00e0a7266984638d0" }, { "introduced": "0" }, { "last_affected": "0bb7a66a9b26ad96afc81b27dd45f93ae8969c44" }, { "introduced": "2a0097f9a20b9df494caadb87c87d4e4db01a7ed" }, { "last_affected": "d156d25d991311eaa1f5131d3dc34787f87ce684" } ], "repo": "https://github.com/apache/storm", "type": "GIT" } ] } ], "details": "In Apache Storm 0.10.0 through 0.10.2, 1.0.0 through 1.0.6, 1.1.0 through 1.1.2, and 1.2.0 through 1.2.1, an attacker with access to a secure storm cluster in some cases could execute arbitrary code as a different user.", "id": "CVE-2018-1331", "modified": "2026-03-15T13:46:47.889097616Z", "published": "2018-07-10T17:29:00.213Z", "references": [ { "type": "ADVISORY", "url": "http://storm.apache.org/2018/06/04/storm113-released.html" }, { "type": "ADVISORY", "url": "http://storm.apache.org/2018/06/04/storm122-released.html" }, { "type": "ADVISORY", "url": "http://www.openwall.com/lists/oss-security/2018/07/10/4" }, { "type": "ADVISORY", "url": "http://www.securityfocus.com/bid/104732" }, { "type": "ADVISORY", "url": "http://www.securitytracker.com/id/1041273" } ], "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }