Search criteria
1 vulnerability by Cloud Native Computing Foundation (CNCF)
CVE-2017-10906 (GCVE-0-2017-10906)
Vulnerability from cvelistv5 – Published: 2017-12-08 15:00 – Updated: 2024-08-05 17:50
VLAI
Summary
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Severity
No CVSS data available.
CWE
- Escape Sequence Injection
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2225 | vendor-advisoryx_refsource_REDHAT |
| https://jvn.jp/en/vu/JVNVU95124098/index.html | x_refsource_MISC |
| https://github.com/fluent/fluentd/blob/v0.12/CHAN… | x_refsource_CONFIRM |
| https://github.com/fluent/fluentd/pull/1733 | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Cloud Native Computing Foundation (CNCF) | Fluentd |
Affected:
0.12.29 through 0.12.40
|
Date Public
2017-12-08 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T17:50:12.579Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/fluent/fluentd/pull/1733"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Fluentd",
"vendor": "Cloud Native Computing Foundation (CNCF)",
"versions": [
{
"status": "affected",
"version": "0.12.29 through 0.12.40"
}
]
}
],
"datePublic": "2017-12-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Escape Sequence Injection",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-07-20T09:57:01.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"name": "RHSA-2018:2225",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/fluent/fluentd/pull/1733"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2017-10906",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Fluentd",
"version": {
"version_data": [
{
"version_value": "0.12.29 through 0.12.40"
}
]
}
}
]
},
"vendor_name": "Cloud Native Computing Foundation (CNCF)"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Escape Sequence Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2225",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2225"
},
{
"name": "https://jvn.jp/en/vu/JVNVU95124098/index.html",
"refsource": "MISC",
"url": "https://jvn.jp/en/vu/JVNVU95124098/index.html"
},
{
"name": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"
},
{
"name": "https://github.com/fluent/fluentd/pull/1733",
"refsource": "CONFIRM",
"url": "https://github.com/fluent/fluentd/pull/1733"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2017-10906",
"datePublished": "2017-12-08T15:00:00.000Z",
"dateReserved": "2017-07-04T00:00:00.000Z",
"dateUpdated": "2024-08-05T17:50:12.579Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}