The vulnerability of the JMSMessageConsumer component of the software for transmitting large volumes of streaming data via Apache Flume allows a attacker to execute arbitrary code.

The vulnerability of the JMSMessageConsumer component in the Apache Flume software for processing large volumes of streaming data exists due to the lack of measures taken to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

PT-2022-4369 · Apache · Apache Flume

Name of the Vulnerable Software and Affected Versions: Apache Flume versions 1.4.0 through 1.10.0 Description: The issue allows for a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI, and an attacker has control of the target LDAP server. Th...