CVE-2018-8008
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
ZipSlip in org.apache.storm:storm-core
Predictions
Exploit likelihood
20%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | org.apache.storm:storm-core | >=1.1.0,<1.1.3 | 1.1.3 |
| Maven | org.apache.storm:storm-core | >=1.2.0,<1.2.2 | 1.2.2 |
| Maven | org.apache.storm:storm-core | <1.0.7 | 1.0.7 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2018-8008
- https://github.com/apache/storm/commit/0fc6b522487c061f89e8cdacf09f722d3f20589
- https://github.com/apache/storm/commit/efad4cca2d7d461f5f8c08a0d7b51fabeb82d0a
- https://github.com/apache/storm/commit/f61e5daf299d6c37c7ad65744d02556c94a16a4
- https://github.com/advisories/GHSA-898j-5cc8-cmf5
- https://issues.apache.org/jira/browse/STORM-3052
- https://lists.apache.org/thread.html/613b2fca8bcd0a3b12c0b763ea8f7cf62e422e9f79fce6cfa5b08a58@%3Cdev.storm.apache.org%3E
- http://www.securityfocus.com/bid/104418
Verify integrity in audit chain (admin only). AS-IS.