13 matches found
Fluentd is Vulnerable to Remote Code Execution (RCE) via Arbitrary File Write in `${tag}` Placeholder
Fluentd allows dynamically constructing file paths using the $tag placeholder. It was discovered that validation for this placeholder was insufficient. If a Fluentd instance is configured to receive logs from untrusted sources and uses the $tag placeholder in file configurations such as the path...
Arbitrary Code Injection
Overview Affected versions of this package are vulnerable to Arbitrary Code Injection via the path parameter in output plugins when using the $tag placeholder. An attacker can overwrite arbitrary files or inject malicious content by sending specially crafted log entries containing path traversal...
EUVD-2020-20654
Malware in sbrugna...
EUVD-2022-2613
Malicious code in bioql PyPI...
EUVD-2022-7331
Malicious code in bioql PyPI...
RHEL 7 : fluentd (RHSA-2018:2225)
The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2018:2225 advisory. Fluentd is an open source data collector designed to scale and simplify log management. It can collect, process and ship many kinds of data in near...
Fluent Fluentd and Fluent-ui use default password
An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password...
CVE-2022-39379 Fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration)
Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution RCE vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the filterparser.rb:filterstream function. Exploiting this vulnerability may allow an attacker to change the terminal UI or execute arbitrary commands on the victim's device via unspecified vectors. NOTE: A...
CVE-2021-41186
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...
PT-2019-6330 · Fluentd · Fluentd +1
Name of the Vulnerable Software and Affected Versions: Fluent Fluentd version 1.8.0 Fluent-ui version 1.2.2 Description: The issue is related to the use of a default password in Fluent Fluentd and its browser manager fluentd-ui, allowing attackers to gain escalated privileges and execute arbitrar...
fluentd: Escape sequence injection in filter_parser.rb:filter_stream can lead to arbitrary command execution when processing logs
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2017-10906
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...