CVE-2017-10906

EPSS 1.36%
Published 08.12.2017 15:29:00
Last modified 20.04.2025 01:37:25
Source vultures@jpcert.or.jp
Teams watchlist Login
Open Login

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 0 References 7

Data is provided by the National Vulnerability Database (NVD)

Fluentd ≫ Fluentd Version0.12.29

Fluentd ≫ Fluentd Version0.12.30

Fluentd ≫ Fluentd Version0.12.31

Fluentd ≫ Fluentd Version0.12.32

Fluentd ≫ Fluentd Version0.12.33

Fluentd ≫ Fluentd Version0.12.34

Fluentd ≫ Fluentd Version0.12.35

Fluentd ≫ Fluentd Version0.12.36

Fluentd ≫ Fluentd Version0.12.37

Fluentd ≫ Fluentd Version0.12.38

Fluentd ≫ Fluentd Version0.12.39

Fluentd ≫ Fluentd Version0.12.40

Redhat ≫ Openstack Version13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.36%	0.793

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C

https://access.redhat.com/errata/RHSA-2018:2225

Third Party Advisory

https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes

Third Party Advisory

Release Notes

Issue Tracking

https://github.com/fluent/fluentd/pull/1733

Patch

Third Party Advisory

Issue Tracking

https://jvn.jp/en/vu/JVNVU95124098/index.html

Third Party Advisory

VDB Entry

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2017-10906

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2017-10906

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2017-10906

EUVD