Vulnerabilities > CVE-2017-10906
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 12 | |
Application | 1 |
Redhat
advisories |
| ||||
rpms | fluentd-0:0.12.41-1.el7 |
References
- https://access.redhat.com/errata/RHSA-2018:2225
- https://access.redhat.com/errata/RHSA-2018:2225
- https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
- https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
- https://github.com/fluent/fluentd/pull/1733
- https://github.com/fluent/fluentd/pull/1733
- https://jvn.jp/en/vu/JVNVU95124098/index.html
- https://jvn.jp/en/vu/JVNVU95124098/index.html