CVE-2022-25167
Apache Flume (versions 1.4.0–1.9.0) is vulnerable to remote code execution when a JMS Source is configured with a JNDI LDAP data source URI and an attacker controls the target LDAP server. The underlying issue is the JNDI usage, which can be exploited to run arbitrary code on the target. Remediat...