EPSS: 0.024 (Low)
Percentile: 90.1%
fluentd is vulnerable to remote code execution. The vulnerability exists in oj_options.rb, where a non-default configuration allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads.
oj_options.rb
github.com/fluent/fluentd/commit/48e5b85dab1b6d4c273090d538fc11b3f2fd8135
github.com/fluent/fluentd/pull/3929
github.com/fluent/fluentd/security/advisories/GHSA-fppq-mj76-fpj2
lists.fedoraproject.org/archives/list/[email protected]/message/MYD5QV66OLDHES6IKVYYM3Y3YID3VVCO/