CVE-2017-10906 (fluentd): Fluentd Escape Sequence Injection Vulnerability

ADVISORIES

CVE-2017-10906 (NVD)
GHSA-5jrp-w8fr-mrww
Vendor Advisory

GEM

fluentd

SEVERITY

CVSS v3.x: 9.8 (Critical)

UNAFFECTED VERSIONS

< 0.12.29

PATCHED VERSIONS

>= 0.12.41

DESCRIPTION

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

https://access.redhat.com/errata/RHSA-2018:2225
https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
https://jvn.jp/en/vu/JVNVU95124098/index.html

RubySec