CVSS v3.x: 3.1 (Low)
- < 1.13.2
- >= 1.15.3
A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
Fluentd setups are only affected if the environment variable
FLUENT_OJ_OPTION_MODE is explicitly set to
Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability.
Do not use