{"id":"CVE-2021-41186","details":"Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken Apache log containing a certain string pattern can cause a regular expression to take excessive time to evaluate, creating the potential for a DoS attack. This issue is patched in version 1.14.2. There are two workarounds available: either don't use parser_apache2 to parse logs that cannot be guaranteed to have been generated by Apache, or put a patched version of parser_apache2.rb into the /etc/fluent/plugin directory (or any other directory specified by the environment variable `FLUENT_PLUGIN` or the `--plugin` option of fluentd).","aliases":["BIT-fluentd-2021-41186","GHSA-hwhf-64mh-r662"],"modified":"2026-04-10T04:38:16.722337Z","published":"2021-10-29T14:15:07.730Z","related":["GHSA-hwhf-64mh-r662","openSUSE-SU-2024:11795-1","openSUSE-SU-2024:13155-1","openSUSE-SU-2024:14072-1","openSUSE-SU-2025:15115-1","openSUSE-SU-2026:10346-1"],"references":[{"type":"WEB","url":"https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"},{"type":"ADVISORY","url":"https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"},{"type":"ADVISORY","url":"https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fluent/fluentd","events":[{"introduced":"85d51905accfce7158470f3e4ab99641a4cfd5e9"},{"last_affected":"6a3b2216c13b55861c8679a0c2e02436f426774f"}],"database_specific":{"versions":[{"introduced":"0.14.14"},{"last_affected":"1.14.1"}]}}],"versions":["v0.14.14","v0.14.15","v0.14.16","v0.14.17","v0.14.18","v0.14.19","v0.14.20","v0.14.20.rc1","v0.14.21","v0.14.22","v0.14.22.rc1","v0.14.22.rc2","v0.14.23","v0.14.23.rc1","v0.14.24","v0.14.25","v1.0.0","v1.0.0.rc1","v1.0.1","v1.0.2","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.10.0","v1.10.1","v1.10.2","v1.10.3","v1.10.4","v1.11.0","v1.11.1","v1.11.2","v1.11.3","v1.11.4","v1.11.5","v1.12.0","v1.12.0.rc1","v1.12.0.rc2","v1.12.1","v1.12.2","v1.12.3","v1.13.0","v1.13.1","v1.13.2","v1.13.3","v1.14.0","v1.14.0.rc","v1.14.1","v1.2.0","v1.2.0.pre1","v1.2.1","v1.2.2","v1.2.3","v1.2.4","v1.2.4.rc1","v1.2.5","v1.2.5.rc1","v1.2.6","v1.3.0","v1.3.1","v1.3.2","v1.3.3","v1.4.0","v1.4.1","v1.4.2","v1.5.0","v1.5.0.rc1","v1.5.1","v1.6.0","v1.6.1","v1.6.2","v1.7.0","v1.7.0.rc1","v1.7.1","v1.7.2","v1.7.3","v1.8.0","v1.8.0.rc1","v1.8.0.rc2","v1.8.0.rc3","v1.8.1","v1.9.0","v1.9.0.rc1","v1.9.0.rc2","v1.9.1","v1.9.2","v1.9.3"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41186.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}