Vulnerability Description
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fluentd | Fluentd | 0.12.29 |
| Redhat | Openstack | 13 |
References
- https://access.redhat.com/errata/RHSA-2018:2225 (Third Party Advisory)
- https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes (Issue Tracking, Release Notes, Third Party Advisory)
- https://github.com/fluent/fluentd/pull/1733 (Issue Tracking, Patch, Third Party Advisory)
- https://jvn.jp/en/vu/JVNVU95124098/index.html (Issue Tracking, Third Party Advisory, VDB Entry)
FAQ
What is CVE-2017-10906?
CVE-2017-10906 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
How severe is CVE-2017-10906?
CVE-2017-10906 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2017-10906?
Check the references section above for vendor advisories and patch information. Affected products include: Fluentd Fluentd, Redhat Openstack.