CVE-2022-42468: Improper Input Validation
(updated )
Apache Flume versions 1.4.0 through 1.10.1 is vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with an unsafe providerURL. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol.
References
Detect and mitigate CVE-2022-42468 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →