Apache Flume is a distributed, reliable and available service from the Apache Foundation, USA. Used to efficiently collect, aggregate, and move large amounts of log data, versions of Apache Flume prior to 1.4.0 through 1.10.0 contain a security vulnerability that stems from vulnerability to remote code execution (RCE) attacks when an attacker controls the configuration of an LDAP server using a JMS Source with a JNDI LDAP data source URI. No detailed vulnerability details are currently available.