
CVE-2024-26455
https://notcve.org/view.php?id=CVE-2024-26455
26 Feb 2024 — fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c. • https://github.com/LuMingYinDetect/fluent-bit_defects/blob/main/fluent-bit_detect_1.md • CWE-416: Use After Free

CVE-2020-21514
https://notcve.org/view.php?id=CVE-2020-21514
04 Apr 2023 — An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escalated privileges and execute arbitrary code due to a default password. • https://github.com/fluent/fluentd/issues/2722 • CWE-276: Incorrect Default Permissions

CVE-2022-39379 – Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
https://notcve.org/view.php?id=CVE-2022-39379
02 Nov 2022 — Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier... • https://github.com/fluent/fluentd/commit/48e5b85dab1b6d4c273090d538fc11b3f2fd8135 • CWE-502: Deserialization of Untrusted Data

CVE-2021-41186 – ReDoS vulnerability in parser_apache2
https://notcve.org/view.php?id=CVE-2021-41186
29 Oct 2021 — Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A malformed Apache log line containing a certain string pattern can cause the regular expression to run for an excessive time, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2. There are two workarounds available. Either don't use parser_apache2 for parsing... • https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142 • CWE-400: Uncontrolled Resource Consumption

CVE-2017-10906 – fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
https://notcve.org/view.php?id=CVE-2017-10906
08 Dec 2017 — Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors. Fluentd is an open source data collector de... • https://access.redhat.com/errata/RHSA-2018:2225 • CWE-138: Improper Neutralization of Special Elements