PT-2017-11598 · Treasure Data · Fluentd

Teppei Fukuda

Published

2017-12-08

Updated

2022-05-13

CVE-2017-10906

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Fluentd versions 0.12.29 through 0.12.40

Description The issue allows an attacker to potentially change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Recommendations For Fluentd versions 0.12.29 through 0.12.40, update to a version outside of this range to mitigate the risk.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2017-10906

GHSA-5JRP-W8FR-MRWW

RHSA-2018:2225

Affected Products

Fluentd

PT-2017-11598 · Treasure Data · Fluentd

CVE-2017-10906

Related Identifiers

Affected Products

References · 10