Fluentd Escape Sequence Injection Vulnerability

GHSA-5jrp-w8fr-mrww · CVE-2017-10906

Published May 13, 2022 · Modified Dec 5, 2024

Description

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2017-10906
WEB https://github.com/fluent/fluentd/pull/1733
WEB https://access.redhat.com/errata/RHSA-2018:2225
PACKAGE https://github.com/fluent/fluentd
WEB https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
WEB https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2017-10906.yml
WEB https://jvn.jp/en/vu/JVNVU95124098/index.html

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes