Search for packages
| purl | pkg:gem/fluentd@0.10.35 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ar2a-d6fd-q3e5
Aliases: CVE-2021-41186 GHSA-hwhf-64mh-r662 |
Uncontrolled Resource Consumption Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The `parser_apache2` plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don't use `parser_apache2` for parsing logs (which cannot guarantee generated by Apache), or put patched version of `parser_apache2.rb` into `/etc/fluent/plugin` directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd). |
Affected by 2 other vulnerabilities. |
|
VCID-bdd8-gcfd-4fgc
Aliases: CVE-2020-21514 GHSA-wrxf-x8rm-6ggg |
Fluent Fluentd and Fluent-ui use default password An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-06-06T03:38:40.469165+00:00 | GitLab Importer | Affected by | VCID-bdd8-gcfd-4fgc | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2020-21514.yml | 38.6.0 |
| 2026-06-04T18:12:33.369207+00:00 | Ruby Importer | Affected by | VCID-ar2a-d6fd-q3e5 | https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2021-41186.yml | 38.6.0 |