Vulnerabilities > Apache > Flume > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-26 | CVE-2022-42468 | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. | 9.8 |
2022-08-21 | CVE-2022-34916 | Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 9.8 |
2022-06-14 | CVE-2022-25167 | Unspecified vulnerability in Apache Flume 1.4.0/1.9.0 Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. | 9.8 |