33 matches found
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
EUVD-2022-6565
Malicious code in bioql PyPI...
EUVD-2022-7069
Malicious code in bioql PyPI...
CVE-2022-25167
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...
Remote Code Execution (RCE)
Apache Flume is vulnerable to remote code execution. The vulnerability exists due to improper validations of jms source and provider url where the attacker can use the jms source with an unsafe provider url causing arbitrary code executions...
GHSA-9W4G-FP9H-3Q2V Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI lookup is performed on this name without performing validation. This could result in untrusted data being deserialized, leading to remote code execution RCE attack when a configuration uses a JMS Source with an unsafe...
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI lookup is performed on this name without performing validation. This could result in untrusted data being deserialized, leading to remote code execution RCE attack when a configuration uses a JMS Source with an unsafe...
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
Remote code execution
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
CVE-2022-42468 Apache Flume prior to 1.11.0 has an Improper Input Validation (JNDI Injection) in JMSSource
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
Apache Flume 注入漏洞
Apache Flume is the United States Apache Apache Foundation of a distributed, reliable and available services. It is used to efficiently collect, aggregate and move large amounts of log data. An injection vulnerability exists in Apache Flume versions 1.4.0 through 1.10.1, which stems from...
PT-2022-26450 · Apache · Apache Flume
Name of the Vulnerable Software and Affected Versions: Apache Flume versions 1.4.0 through 1.10.1 Description: The issue allows for a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This is due to the JMSSource class being configured with a...
CVE-2022-42468
Apache Flume (versions 1.4.0–1.10.1) is vulnerable to remote code execution when a JMS Source is configured with an unsafe providerURL, due to JMSSource performing an unvalidated JNDI lookup. The issue is fixed by updating to 1.11.0, which limits JNDI to java protocol or no protocol. Red Hat and ...
CVE-2022-42468 Apache Flume prior to 1.11.0 has an Improper Input Validation (JNDI Injection) in JMSSource
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
CVE-2022-34916
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...
Apache Flume input validation error vulnerability
Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA. Used to efficiently collect, aggregate, and move large amounts of log data, versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remot...
GHSA-H9MH-MGPV-GQMV Remote code execution in Apache Flume
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...
Remote code execution in Apache Flume
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...
CVE-2022-34916
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java...