Lucene search
+L

13 matches found

Github Security Blog
Github Security Blog
added 2026/06/26 4:32 p.m.11 views

Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder

Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/26 4:32 p.m.8 views

Arbitrary Code Injection

Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the path parameter in output plugins when using the $tag placeholder. An attacker can overwrite arbitrary files or inject malicious content by sending specially crafted log entries containing path traversal...

9.8CVSS6.1AI score0.01085EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2020-20654

Malware in sbrugna...

7CVSS6.7AI score0.01171EPSS
Exploits4References10
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-2613

Malicious code in bioql PyPI...

10CVSS9.3AI score0.04581EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7331

Malicious code in bioql PyPI...

9.8CVSS8.7AI score0.44708EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/04/15 12:0 a.m.8 views

RHEL 7 : fluentd (RHSA-2018:2225)

The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...

10CVSS7.8AI score0.04581EPSS
Exploits0References5
RubySec
RubySec
added 2023/04/04 12:0 a.m.10 views

Fluent Fluentd and Fluent-ui use default password

An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password...

8.8CVSS9AI score0.00786EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2022/11/02 12:0 a.m.4 views

CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...

3.1CVSS9.8AI score0.44708EPSS
Exploits0References3
Snyk
Snyk
added 2022/05/13 1:7 a.m.1 views

Improper Neutralization

Overview Affected versions of this package are vulnerable to Improper Neutralization via the filterparser.rb:filterstream function. Exploiting this vulnerability may allow an attacker to change the terminal UI or execute arbitrary commands on the victim's device via unspecified vectors. NOTE: A...

10CVSS7.5AI score0.04581EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2021/10/29 2:15 p.m.5 views

CVE-2021-41186

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...

7.5CVSS7.1AI score0.02004EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2019/12/10 12:0 a.m.6 views

PT-2019-6330 · Fluentd · Fluentd +1

Name of the Vulnerable Software and Affected Versions: Fluent Fluentd version 1.8.0 Fluent-ui version 1.2.2 Description: The issue is related to the use of a default password in Fluent Fluentd and its browser manager fluentd-ui, allowing attackers to gain escalated privileges and execute arbitrar...

9CVSS8.9AI score0.00786EPSS
Exploits1References13
RedHat Linux
RedHat Linux
added 2018/07/19 1:49 p.m.8 views

fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

10CVSS6.1AI score0.04581EPSS
Exploits0References4
Cvelist
Cvelist
added 2017/12/08 3:0 p.m.23 views

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

9.7AI score0.04581EPSS
Exploits0References4
Rows per page
Query Builder