CVE-2017-10906
CRITICAL 9.8 | EPSS 1.4%
Fluentd Escape Sequence Injection Vulnerability
Published: 5/13/2022
Modified: 12/5/2024
Also known as: GHSA-5jrp-w8fr-mrww
Description
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Affected packages (1)
- RubyGems/fluentd: >= 0.12.29, < 0.12.41
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2017-10906
- PATCH: https://github.com/fluent/fluentd
- WEB: https://access.redhat.com/errata/RHSA-2018:2225
- WEB: https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
- WEB: https://github.com/fluent/fluentd/pull/1733
- WEB: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2017-10906.yml
- WEB: https://jvn.jp/en/vu/JVNVU95124098/index.html