Количество 2
Количество 2
CVE-2022-42468
Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
GHSA-9w4g-fp9h-3q2v
Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-42468 Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | CVSS3: 9.8 | 2% Низкий | больше 3 лет назад |
| GHSA-9w4g-fp9h-3q2v Apache Flume vulnerable to remote code execution via deserialization of unsafe providerURL | CVSS3: 9.8 | 2% Низкий | больше 3 лет назад |
Уязвимостей на страницу