Bobby Evans

**Name of the Vulnerable Software and Affected Versions** Apache Storm versions 0.10.0 through 0.10.2 Apache Storm versions 1.0.0 through 1.0.6 Apache Storm versions 1.1.0 through 1.1.2 Apache Storm versions 1.2.0 through 1.2.1 **Description** An issue exists where an attacker with access to a secure Storm cluster could potentially execute arbitrary code as a different user under certain conditions. **Recommendations** For Apache Storm versions 0.10.0 through 0.10.2, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.0.0 through 1.0.6, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.1.0 through 1.1.2, update to a version outside of this range to resolve the issue. For Apache Storm versions 1.2.0 through 1.2.1, update to a version outside of this range to resolve the issue.