Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.
References
- https://nvd.nist.gov/vuln/detail/CVE-2017-10906
- https://github.com/fluent/fluentd/pull/1733
- https://access.redhat.com/errata/RHSA-2018:2225
- https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes
- https://jvn.jp/en/vu/JVNVU95124098/index.html
- https://github.com/advisories/GHSA-5jrp-w8fr-mrww