3 matches found
Fluentd is Vulnerable to Denial of Service (DoS) via Gzip Decompression Bomb in `in_http` and `in_forward`
Fluentd's inhttp and inforward plugins support receiving gzip-compressed data. While Fluentd correctly enforces size limits on the incoming compressed payloads e.g., via bodysizelimit or chunksizelimit, it was discovered that there is no limit enforced on the size of the decompressed data. If a...
EUVD-2025-198807
Fluent Bit inhttp, insplunk, and inelasticsearch input plugins contain a flaw in the tagkey validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. A remote attacker with authenticated or exposed acces...
PT-2025-47923
Name of the Vulnerable Software and Affected Versions Fluent Bit versions affected versions not specified Description The in http, in splunk, and in elasticsearch input plugins in Fluent Bit do not properly sanitize tag key inputs. An attacker who can access the network or write records to Splunk...