CVE-2018-11779: Deserialization of Untrusted Data in Apache Storm

Severity: Critical

CVSS Score: 9.8

In Apache Storm versions 1.1.0 to 1.2.2, when the user is using the storm-kafka-client or storm-kafka modules, it is possible to cause the Storm UI daemon to deserialize user provided bytes into a Java class.