CVE-2022-42468
- EPSS 0.81%
- Veröffentlicht 26.10.2022 16:15:11
- Zuletzt bearbeitet 07.05.2025 14:15:33
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no...
CVE-2022-34916
- EPSS 2.66%
- Veröffentlicht 21.08.2022 09:15:33
- Zuletzt bearbeitet 21.11.2024 07:10:25
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by l...
CVE-2022-25167
- EPSS 11.56%
- Veröffentlicht 14.06.2022 08:15:06
- Zuletzt bearbeitet 21.11.2024 06:51:44
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by li...