{"url":"http://public2.vulnerablecode.io/api/packages/53907?format=json","purl":"pkg:maven/org.apache.storm/storm@1.1","type":"maven","namespace":"org.apache.storm","name":"storm","version":"1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.1.1","latest_non_vulnerable_version":"2.2.1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38753?format=json","vulnerability_id":"VCID-x3qw-y2w4-r7bw","summary":"Improper Access Control\nIt was found that under some situations and configurations of Apache Storm, it is theoretically possible for the owner of a topology to trick the supervisor to launch a worker as a different, non-root, user. In the worst case this could lead to secure credentials of the other user being compromised.","references":[{"reference_url":"https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127@%3Cdev.storm.apache.org%3E","reference_id":"","reference_type":"","scores":[],"url":"https://lists.apache.org/thread.html/b9125bf507ed6f2ca6e85ba1a4b44e232aa70eeddfba2a9d8a954127@%3Cdev.storm.apache.org%3E"},{"reference_url":"http://www.securityfocus.com/bid/100235","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100235"},{"reference_url":"http://www.securitytracker.com/id/1039116","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039116"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9799","reference_id":"CVE-2017-9799","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-9799"},{"reference_url":"https://github.com/advisories/GHSA-x825-rjww-2245","reference_id":"GHSA-x825-rjww-2245","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x825-rjww-2245"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53909?format=json","purl":"pkg:maven/org.apache.storm/storm@1.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.storm/storm@1.1.1"}],"aliases":["CVE-2017-9799","GHSA-x825-rjww-2245"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x3qw-y2w4-r7bw"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:maven/org.apache.storm/storm@1.1"}