5 matches found
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...
EUVD-2022-7069
Malicious code in bioql PyPI...
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI lookup is performed on this name without performing validation. This could result in untrusted data being deserialized, leading to remote code execution RCE attack when a configuration uses a JMS Source with an unsafe...
GHSA-9W4G-FP9H-3Q2V Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Flume’s JMSSource class can be configured with a providerUrl parameter. A JNDI lookup is performed on this name without performing validation. This could result in untrusted data being deserialized, leading to remote code execution RCE attack when a configuration uses a JMS Source with an unsafe...
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution RCE attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol...