Critical severity9.8NVD Advisory· Published Dec 8, 2017· Updated May 13, 2026
CVE-2017-10906
CVE-2017-10906
Description
Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
fluentdRubyGems | >= 0.12.29, < 0.12.41 | 0.12.41 |
Affected products
14cpe:2.3:a:fluentd:fluentd:0.12.29:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:fluentd:fluentd:0.12.29:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.30:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.31:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.32:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.33:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.34:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.35:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.36:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.37:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.38:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.39:*:*:*:*:*:*:*
- cpe:2.3:a:fluentd:fluentd:0.12.40:*:*:*:*:*:*:*
- Cloud Native Computing Foundation (CNCF)/Fluentdv5Range: 0.12.29 through 0.12.40
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
7- github.com/fluent/fluentd/pull/1733nvdIssue TrackingPatchThird Party AdvisoryWEB
- access.redhat.com/errata/RHSA-2018:2225nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-5jrp-w8fr-mrwwghsaADVISORY
- github.com/fluent/fluentd/blob/v0.12/CHANGELOG.mdnvdIssue TrackingRelease NotesThird Party AdvisoryWEB
- jvn.jp/en/vu/JVNVU95124098/index.htmlnvdIssue TrackingThird Party AdvisoryVDB EntryWEB
- nvd.nist.gov/vuln/detail/CVE-2017-10906ghsaADVISORY
- github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2017-10906.ymlghsaWEB
News mentions
0No linked articles in our index yet.