CVE-2017-10906
published 2017-12-08CVE-2017-10906: Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary…
critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cloud_native_computing_foundation | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | — | — |
| fluentd | fluentd | >= 0.12.29 < 0.12.41 | 0.12.41 |
| linux | linux_kernel | >= 0 < 4.4.0-166.195 | 4.4.0-166.195 |
| redhat | openstack | — | — |
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv7.0HIGH