CVE-2017-10906 – fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
https://notcve.org/view.php?id=CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
• https://access.redhat.com/errata/RHSA-2018:2225
• https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
• https://github.com/fluent/fluentd/pull/1733
• https://jvn.jp/en/vu/JVNVU95124098/index.html
• https://access.redhat.com/security/cve/CVE-2017-10906
• https://bugzilla.redhat.com/show_bug.cgi?id=1524783
• CWE-138: Improper Neutralization of Special Elements