本ページは apache flume に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2022-42468 | Apache Flume versions 1.4.0 through 1.10.1 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | [email protected] | 9.8 | 2.72% | 2022-10-26 | 2026-06-17 |
| CVE-2022-34916 | Apache Flume versions 1.4.0 through 1.10.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | [email protected] | 9.8 | 2.31% | 2022-08-21 | 2026-06-17 |
| CVE-2022-25167 | Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | [email protected] | 9.8 | 4.74% | 2022-06-14 | 2026-06-17 |