CVE-2017-10906
CRITICALFluentd 0.12.29-0.12.40 - Escape Sequence Injection
Title source: llmDescription
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2225
Issue Tracking, Third Party Advisory, VDB Entry x_refsource_misc
https://jvn.jp/en/vu/JVNVU95124098/index.html
Issue Tracking, Release Notes, Third Party Advisory x_refsource_confirm
https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://github.com/fluent/fluentd/pull/1733
Scores
CVSS v3
9.8
EPSS
0.0136
EPSS Percentile
80.4%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (15)
Cloud Native Computing Foundation (CNCF)/Fluentd
0.12.29 through 0.12.40
fluentd/fluentd
0.12.29
fluentd/fluentd
0.12.30
fluentd/fluentd
0.12.31
fluentd/fluentd
0.12.32
fluentd/fluentd
0.12.33
fluentd/fluentd
0.12.34
fluentd/fluentd
0.12.35
fluentd/fluentd
0.12.36
fluentd/fluentd
0.12.37
... and 5 more
Published
Dec 08, 2017
Tracked Since
Feb 18, 2026