CVE-2017-10906 – fluentd

Package

Manager: gem
Name: fluentd
Vulnerable Version: >=0.12.29 <0.12.41

Severity

Level: Critical

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

EPSS: 0.01357 pctl0.79408

Details

Fluentd Escape Sequence Injection Vulnerability Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Metadata

Created: 2022-05-13T01:07:35Z
Modified: 2023-01-24T16:01:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5jrp-w8fr-mrww/GHSA-5jrp-w8fr-mrww.json
CWE IDs: []
Alternative ID: GHSA-5jrp-w8fr-mrww
Finding: F184
Auto approve: 1