233 matches found
Rancher code injection via fluentd config commands
In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...
GHSA-5JRP-W8FR-MRWW Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
Improper Neutralization
Overview Affected versions of this package are vulnerable to Improper Neutralization via the filterparser.rb:filterstream function. Exploiting this vulnerability may allow an attacker to change the terminal UI or execute arbitrary commands on the victim's device via unspecified vectors. NOTE: A...
Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
Fluentd Escape Sequence Injection Vulnerability
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...
CVE-2021-41186
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...
GHSA-HWHF-64MH-R662 ReDoS vulnerability in parser_apache2
Impact parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches v1.14.2...
ReDoS vulnerability in parser_apache2
Impact parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches v1.14.2...
Regular Expression Denial Of Service (ReDoS)
fluentd is vulnerable to regular expression denial of service ReDoS attacks. An attacker is able to inject a certain pattern of string via a broken apache log that would cause a ReDoS attack when the parsed malicious string spends too much time in the regular expression...
ReDoS vulnerability in parser_apache2
Impact parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches v1.14.2...
CVE-2021-41186
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...
CVE-2021-41186
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...
Design/Logic Flaw
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...
CVE-2021-41186
CVE-2021-41186 concerns a ReDoS in Fluentd’s parser_apache2 plugin (versions 0.14.14–1.14.1). The issue causes excessive CPU time when processing certain broken Apache log patterns, leading to potential DoS. A fix is available in Fluentd 1.14.2. If upgrading is not feasible, workarounds include: ...
CVE-2021-41186 ReDoS vulnerability in parser_apache2
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string ca...
Fluentd 资源管理错误漏洞
Fluentd is an open source log collector from the Cloud Native Computing Cloud Native Computing Foundation Foundation. It is used to collect events from various data sources and write them to files, Rdbms, NoSql, IaaS, SaaS, Hadoop and more. A resource management error vulnerability exists in...
PT-2021-23159
Name of the Vulnerable Software and Affected Versions Fluentd versions 0.14.14 through 1.14.1 Description The parser apache2 plugin in Fluentd suffers from a regular expression denial of service ReDoS vulnerability. A broken apache log with a certain pattern of string can spend too much time in a...
Moderate: Red Hat Bug Fix Advisory: Openshift Logging Bug Fix Release (5.0.2)
Openshift Logging Bug Fix Release 5.0.2 Openshift Logging Bug Fix Release 5.0.2 You use the Red Hat OpenShift Logging product to forward, store, and visualize log data from your cluster. Changes to the Red Hat OpenShift Logging product: If you did not set .proxy in the cluster installation...
Fluentd TD-agent 4.0.1 Insecure Folder Permission
Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Date: 21.12.2020 Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...
Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission
Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Date: 21.12.2020 Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...