0.002 Low
EPSS
Percentile
60.4%
Fluentd is vulnerable to escape sequence injection attacks. User input is pushed directly to the logs without filtering, allowing an attacker to change the terminal UI or execute commands on the device parsing the logs.
access.redhat.com/errata/RHSA-2018:2225
github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
github.com/fluent/fluentd/pull/1733
jvn.jp/en/vu/JVNVU95124098/index.html