{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010280.html",
  "dc:date": "2017-12-11T14:13+09:00",
  "dcterms:issued": "2017-12-11T14:13+09:00",
  "dcterms:modified": "2017-12-11T14:13+09:00",
  "description": "Fluentd provided by Cloud Native Computing Foundation (CNCF) contains an escape sequence injection vulnerability.\r\n\r\nFluentd is an open source data collector provided by Cloud Native Computing Foundation (CNCF). The parse Filter Plugin for Fluentd contains an escape sequence injection vulnerability (CWE-150) due to a flaw in processing logs.\r\n\r\nTeppei Fukuda reported this vulnerability to JPCERT/CC.\r\nJPCERT/CC coordinated with the developer.",
  "link": "https://jvndb.jvn.jp/en/contents/2017/JVNDB-2017-010280.html",
  "sec:cpe": {
    "#text": "cpe:/a:fluentd:fluentd",
    "@product": "Fluentd",
    "@vendor": "Cloud Native Computing Foundation (CNCF)",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "5.0",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
      "@version": "2.0"
    },
    {
      "@score": "5.3",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2017-010280",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/vu/JVNVU95124098/index.html",
      "@id": "JVNVU#95124098",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10906",
      "@id": "CVE-2017-10906",
      "@source": "CVE"
    },
    {
      "#text": "https://nvd.nist.gov/vuln/detail/CVE-2017-10906",
      "@id": "CVE-2017-10906",
      "@source": "NVD"
    },
    {
      "#text": "https://cwe.mitre.org/data/definitions/150.html",
      "@id": "CWE-150",
      "@title": "Improper Neutralization of Escape, Meta, or Control Sequences(CWE-150)"
    }
  ],
  "title": "Fluentd vulenrable to escape sequence injection"
}