Vulnerabilities > Apache > Flume > Critical

DATE CVE VULNERABILITY TITLE RISK
2022-10-26 CVE-2022-42468 Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL.
network
low complexity
apache
critical
9.8
2022-08-21 CVE-2022-34916 Unspecified vulnerability in Apache Flume 1.10.0/1.4.0/1.9.0
Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
network
low complexity
apache
critical
9.8
2022-06-14 CVE-2022-25167 Unspecified vulnerability in Apache Flume 1.4.0/1.9.0
Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server.
network
low complexity
apache
critical
9.8