Apache · Apache Flume · CVE-2022-34916
**Name of the Vulnerable Software and Affected Versions**
Apache Flume versions 1.4.0 through 1.10.0
**Description**
Apache Flume's JMS Source obtains its JMS connection factory and destination through JNDI. When the source is configured with an LDAP data source URI (an `ldap://` provider URL) and an attacker controls the LDAP server that URI names, the attacker can make the JNDI lookup return an object that executes code inside the Flume agent's JVM, giving remote code execution (RCE). The root cause is that the JMSMessageConsumer component passes the configured URI to JNDI without restricting the protocol, so any naming service reachable by URL can be used; the weakness is classified as a failure to neutralize special elements in the JMSMessageConsumer component. Exploitation therefore requires a configuration that points the JMS Source at an LDAP server the attacker controls, and the Flume agent must be able to reach that server. No estimate of the number of affected installations is available, and there are no reports of real-world exploitation. The fix limits JNDI to the java protocol or to no protocol at all.
**Recommendations**
Upgrade Apache Flume installations running 1.4.0 through 1.10.0 to 1.10.1 or later, where the JMS Source limits JNDI to the java protocol or no protocol. Until the upgrade is done, do not run a JMS Source whose providerURL is an `ldap://` or `ldaps://` URI; if such a configuration is unavoidable, make sure the URI names only an LDAP server you operate and that the Flume host can reach no other LDAP server (egress filtering), since the attack depends on the agent connecting to an attacker-controlled server. Treat the agent configuration file as sensitive and restrict who can change it, because anyone who can edit the providerURL can redirect the lookup. Finally, review existing configurations for JMS Sources that resolve their connection factory or destination through LDAP and migrate them to a non-LDAP JNDI provider where possible.
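As an added illustration, not code from the Flume project or from this advisory, the following Java program reads a Flume agent configuration and flags the two kinds of input the JMS Source hands to JNDI: a providerURL whose scheme is a remote naming protocol (the `ldap://` case described above), and lookup names (connectionFactory, destinationName) carrying any URL scheme other than java, which is the rule the fix enforces. The sample configuration, the class and method names, and the list of remote JNDI schemes are assumptions made for this example; the property names `type`, `providerURL`, `connectionFactory` and `destinationName` are the ones the Flume JMS Source documents. The scheme extraction deliberately mirrors how JNDI itself decides whether a string is a URL (text before the first colon, provided no slash precedes it) rather than using `java.net.URI`, so that plain LDAP distinguished names such as `cn=events` are not mistaken for URLs.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;

/** Pre-deployment lint for JNDI inputs of Flume JMS Sources (example code, Java 11+). */
public class FlumeJmsJndiLint {

    // JNDI URL schemes served by the JDK's remote naming providers. An attacker who
    // controls the named server can return objects that execute code in the agent.
    // (Assumption for this example: the list is not taken from the Flume source.)
    static final Set<String> REMOTE_JNDI_SCHEMES =
            Set.of("ldap", "ldaps", "rmi", "iiop", "iiopname", "corbaname", "dns");

    // Constructed sample agent config, not from a real deployment. r1 is the risky
    // pattern in the advisory (LDAP provider); r2 is a conventional ActiveMQ setup
    // whose destination name has been tampered with to carry a URL scheme.
    static final String SAMPLE_CONFIG = String.join("\n",
            "a1.sources = r1 r2",
            "a1.sources.r1.type = jms",
            "a1.sources.r1.initialContextFactory = com.sun.jndi.ldap.LdapCtxFactory",
            "a1.sources.r1.providerURL = ldap://ldap.example.internal:389/ou=jms,dc=example,dc=internal",
            "a1.sources.r1.connectionFactory = cn=ConnectionFactory",
            "a1.sources.r1.destinationName = cn=events",
            "a1.sources.r2.type = jms",
            "a1.sources.r2.initialContextFactory = org.apache.activemq.jndi.ActiveMQInitialContextFactory",
            "a1.sources.r2.providerURL = tcp://mqserver.example.internal:61616",
            "a1.sources.r2.connectionFactory = ConnectionFactory",
            "a1.sources.r2.destinationName = ldap://evil.example.net/x",
            "");

    /**
     * Returns the lower-cased URL scheme JNDI would dispatch on, or null for a plain
     * name. Mirrors JNDI's rule: the text before the first ':' is a scheme only when
     * no '/' appears before that colon.
     */
    static String jndiScheme(String name) {
        if (name == null) {
            return null;
        }
        int colon = name.indexOf(':');
        int slash = name.indexOf('/');
        if (colon > 0 && (slash == -1 || colon < slash)) {
            return name.substring(0, colon).toLowerCase(Locale.ROOT);
        }
        return null;
    }

    /** The fixed behaviour in policy form: lookup names may use java: or no scheme. */
    static boolean isSafeJndiName(String name) {
        String scheme = jndiScheme(name);
        return scheme == null || scheme.equals("java");
    }

    /** Collects one human-readable finding per risky JNDI setting of each JMS Source. */
    static List<String> lint(Properties cfg) {
        List<String> findings = new ArrayList<>();
        for (String key : cfg.stringPropertyNames()) {
            if (!key.endsWith(".type") || !"jms".equalsIgnoreCase(cfg.getProperty(key).trim())) {
                continue;
            }
            String prefix = key.substring(0, key.length() - ".type".length());

            // Case 1: the provider itself is a remote naming service (CVE-2022-34916).
            String providerUrl = cfg.getProperty(prefix + ".providerURL", "").trim();
            String providerScheme = jndiScheme(providerUrl);
            if (providerScheme != null && REMOTE_JNDI_SCHEMES.contains(providerScheme)) {
                findings.add(prefix + ": providerURL '" + providerUrl + "' points JNDI at a remote "
                        + providerScheme + " service; exploitable if that server is attacker-controlled");
            }

            // Case 2: a lookup name smuggles in a URL scheme; JNDI would dispatch on it
            // regardless of the configured provider.
            for (String field : List.of("connectionFactory", "destinationName")) {
                String value = cfg.getProperty(prefix + "." + field);
                if (value != null && !isSafeJndiName(value.trim())) {
                    findings.add(prefix + ": " + field + " '" + value.trim() + "' uses URL scheme '"
                            + jndiScheme(value.trim()) + "'; only plain names or java: are allowed");
                }
            }
        }
        return findings;
    }

    static Properties load(String text) throws IOException {
        Properties props = new Properties();
        props.load(new StringReader(text));
        return props;
    }

    public static void main(String[] args) throws IOException {
        List<String> findings = lint(load(SAMPLE_CONFIG));
        if (findings.isEmpty()) {
            System.out.println("OK: no risky JNDI settings in JMS Sources");
            return;
        }
        findings.forEach(f -> System.out.println("FINDING " + f));
        System.exit(1);
    }
}
```

Run against the constructed sample, the lint reports r1's LDAP providerURL and r2's URL-shaped destinationName, while r2's `tcp://` providerURL passes: that is the broker URL ActiveMQ's own JNDI factory expects, not a JNDI URL-context scheme, so rejecting every non-java providerURL would break legitimate configurations. The provider check is a review prompt, not a hard failure, because an LDAP-backed JNDI directory you operate yourself is a legitimate design; the upgrade to 1.10.1 is what removes the exposure.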