CVE-2017-10906

Sažetak

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

Reference

https://jvn.jp/en/vu/JVNVU95124098/index.html
https://github.com/fluent/fluentd/pull/1733
https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
https://access.redhat.com/errata/RHSA-2018:2225

CVSS

Base:	10.0
Impact:	10.0
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

04-08-2021 - 17:14

Objavljeno

08-12-2017 - 15:29