A vulnerability in the RocketMQ messaging system has been exposed to the internet for more than a decade, according to researchers at the University of California, San Francisco, and the Institute of Security Research.