
233 matches found

Github Security Blog
added 2022/05/24 4:47 p.m. | 24 views

Rancher code injection via fluentd config commands

In Rancher 2 through 2.2.3, Project owners can inject additional fluentd configuration to read files or execute arbitrary commands inside the fluentd container...

CVSS 8.8 | AI score 7.8 | EPSS 0.02013
Exploits: 0 | References: 3 | Affected Software: 1
Snyk
added 2022/05/13 1:7 a.m. | 1 views

Improper Neutralization

Overview: Affected versions of this package are vulnerable to Improper Neutralization via the filterparser.rb:filterstream function. Exploiting this vulnerability may allow an attacker to change the terminal UI or execute arbitrary commands on the victim's device via unspecified vectors. NOTE: A...

CVSS 10 | AI score 7.5 | EPSS 0.04581
Exploits: 0 | References: 2
Github Security Blog
added 2022/05/13 1:7 a.m. | 24 views

Fluentd Escape Sequence Injection Vulnerability

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVSS 10 | AI score 6.8 | EPSS 0.04581
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2022/05/13 1:7 a.m. | 19 views

GHSA-5JRP-W8FR-MRWW Fluentd Escape Sequence Injection Vulnerability

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVSS 9.8 | AI score 9.6 | EPSS 0.04581
Exploits: 0 | References: 7
RubySec
added 2022/05/13 12:0 a.m. | 13 views

Fluentd Escape Sequence Injection Vulnerability

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors...

CVSS 10 | AI score 6.8 | EPSS 0.04581
Exploits: 0 | References: 1 | Affected Software: 1
RedhatCVE
added 2021/11/01 8:35 p.m. | 17 views

CVE-2021-41186

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...

CVSS 7.5 | AI score 2.6 | EPSS 0.02004
Exploits: 0 | References: 4
Github Security Blog
added 2021/11/01 7:16 p.m. | 29 views

ReDoS vulnerability in parser_apache2

Impact: parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches: v1.14.2...

CVSS 7.5 | AI score 2.5 | EPSS 0.02004
Exploits: 0 | References: 7 | Affected Software: 1
OSV
added 2021/11/01 7:16 p.m. | 18 views

GHSA-HWHF-64MH-R662 ReDoS vulnerability in parser_apache2

Impact: parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches: v1.14.2...

CVSS 5.9 | AI score 7.3 | EPSS 0.02004
Exploits: 0 | References: 7
Veracode
added 2021/11/01 8:32 a.m. | 19 views

Regular Expression Denial Of Service (ReDoS)

fluentd is vulnerable to regular expression denial of service (ReDoS) attacks. An attacker is able to inject a certain pattern of string via a broken apache log that would cause a ReDoS attack when the parsed malicious string spends too much time in the regular expression...

CVSS 7.5 | AI score 5.2 | EPSS 0.02004
Exploits: 0 | References: 4 | Affected Software: 1
RubySec
added 2021/11/01 12:0 a.m. | 17 views

ReDoS vulnerability in parser_apache2

Impact: parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. Patches: v1.14.2...

CVSS 7.5 | AI score 6.7 | EPSS 0.02004
Exploits: 0 | References: 1 | Affected Software: 1
NVD
added 2021/10/29 2:15 p.m. | 8 views

CVE-2021-41186

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...

CVSS 7.5 | EPSS 0.02004
Exploits: 0 | References: 3
OSV
added 2021/10/29 2:15 p.m. | 13 views

CVE-2021-41186

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...

CVSS 7.5 | AI score 7.3
Exploits: 0 | References: 3
Prion
added 2021/10/29 2:15 p.m. | 12 views

Design/Logic Flaw

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...

CVSS 5 | AI score 7.3 | EPSS 0.02004
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2021/10/29 1:40 p.m. | 208 views

CVE-2021-41186

CVE-2021-41186 concerns a ReDoS in Fluentd’s parser_apache2 plugin (versions 0.14.14–1.14.1). The issue causes excessive CPU time when processing certain broken Apache log patterns, leading to potential DoS. A fix is available in Fluentd 1.14.2. If upgrading is not feasible, workarounds include: ...

CVSS 7.5 | AI score 6.2 | EPSS 0.02004
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2021/10/29 1:40 p.m. | 23 views

CVE-2021-41186 ReDoS vulnerability in parser_apache2

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string ca...

CVSS 5.9 | AI score 7.5 | EPSS 0.02004
Exploits: 0 | References: 3
CNNVD
added 2021/10/29 12:0 a.m. | 2 views

Fluentd Resource Management Error Vulnerability

Fluentd is an open source log collector from the Cloud Native Computing Foundation. It is used to collect events from various data sources and write them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and more. A resource management error vulnerability exists in...

CVSS 7.5 | AI score 7.4 | EPSS 0.02004
Exploits: 0 | References: 5
Positive Technologies
added 2021/10/29 12:0 a.m. | 3 views

PT-2021-23159

Name of the Vulnerable Software and Affected Versions: Fluentd versions 0.14.14 through 1.14.1. Description: The parser_apache2 plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a...

CVSS 7.5 | AI score 7.2 | EPSS 0.02004
Exploits: 0 | References: 17
RedHat Linux
added 2021/04/12 6:2 p.m. | 8 views

Moderate: Red Hat Bug Fix Advisory: Openshift Logging Bug Fix Release (5.0.2)

Openshift Logging Bug Fix Release 5.0.2. You use the Red Hat OpenShift Logging product to forward, store, and visualize log data from your cluster. Changes to the Red Hat OpenShift Logging product: If you did not set .proxy in the cluster installation...

CVSS 6.5 | AI score 6.6 | EPSS 0.02666
Exploits: 0 | References: 4
0day.today
added 2021/01/05 12:0 a.m. | 61 views

Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Vulnerability

Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...

CVSS 7 | AI score 7.1 | EPSS 0.01171
Exploits: 4
Packet Storm
added 2021/01/05 12:0 a.m. | 232 views

Fluentd TD-agent 4.0.1 Insecure Folder Permission

Exploit Title: Fluentd TD-agent plugin 4.0.1 - Insecure Folder Permission Date: 21.12.2020 Exploit Author: Adrian Bondocea Vendor Homepage: https://www.fluentd.org/ Software Link: https://td-agent-package-browser.herokuapp.com/4/windows Version: icacls C:\opt\td-agent\bin C:\opt\td-agent\bin...

CVSS 6.9 | AI score 7.2 | EPSS 0.01171
Exploits: 4