{"id":"CVE-2017-10906","details":"Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.","aliases":["GHSA-5jrp-w8fr-mrww"],"modified":"2026-07-08T05:48:31.645300890Z","published":"2017-12-08T15:29:00.260Z","database_specific":{"unresolved_ranges":[{"extracted_events":[{"introduced":"13"},{"last_affected":"13"}],"source":"CPE_STRING","vendor_product":"redhat:openstack","cpes":["cpe:2.3:a:redhat:openstack:13:*:*:*:*:*:*:*"]}]},"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:2225"},{"type":"REPORT","url":"https://github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md#bug-fixes"},{"type":"REPORT","url":"https://jvn.jp/en/vu/JVNVU95124098/index.html"},{"type":"FIX","url":"https://github.com/fluent/fluentd/pull/1733"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fluent/fluentd","events":[{"introduced":"cd458194c949851a2b76c06b994330e964b55cc0"},{"last_affected":"d5e0a61e06a7cfeb7266b018e77ac74f85c0c06d"}],"database_specific":{"source":"CPE_STRING","cpe":["cpe:2.3:a:fluentd:fluentd:0.12.29:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.30:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.31:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.32:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.33:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.34:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.35:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.36:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.37:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.38:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.39:*:*:*:*:*:*:*","cpe:2.3:a:fluentd:fluentd:0.12.40:*:*:*:*:*:*:*"],"extracted_events":[{"introduced":"0.12.29"},{"last_affected":"0.12.29"},{"introduced":"0.12.30"},{"last_affected":"0.12.30"},{"introduced":"0.12.31"},{"last_affected":"0.12.31"},{"introduced":"0.12.32"},{"last_affected":"0.12.32"},{"introduced":"0.12.33"},{"last_affected":"0.12.33"},{"introduced":"0.12.34"},{"last_affected":"0.12.34"},{"introduced":"0.12.35"},{"last_affected":"0.12.35"},{"introduced":"0.12.36"},{"last_affected":"0.12.36"},{"introduced":"0.12.37"},{"last_affected":"0.12.37"},{"introduced":"0.12.38"},{"last_affected":"0.12.38"},{"introduced":"0.12.39"},{"last_affected":"0.12.39"},{"introduced":"0.12.40"},{"last_affected":"0.12.40"}]}}],"versions":["0.12.29","0.12.30","0.12.31","0.12.32","0.12.33","0.12.34","0.12.35","0.12.36","0.12.37","0.12.38","0.12.39","0.12.40","v0.12.40","v0.12.39","v0.12.38","v0.12.37","v0.12.36","v0.12.35","v0.12.34","v0.12.33","v0.12.32","v0.12.31","v0.12.30","v0.12.29"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-10906.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}