Maven package
org.apache.flume.flume-ng-sources/flume-jms-source
pkg:maven/org.apache.flume.flume-ng-sources/flume-jms-source
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-42468 | — | | | < 1.11.0 | 1.11.0 | Oct 26, 2022 | Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. |
| CVE-2022-34916 | — | | | >= 1.4.0, < 1.10.1 | 1.10.1 | Aug 21, 2022 | Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the |
| CVE-2022-25167 | — | | | >= 1.4.0, < 1.10.0 | 1.10.0 | Jun 14, 2022 | Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the |