VulnerableCode Package Details - pkg:gem/fluentd@0.12.39

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:gem/fluentd@0.12.39

Essentials
History (3)

purl	pkg:gem/fluentd@0.12.39

Next non-vulnerable version	1.15.3
Latest non-vulnerable version	1.15.3
Risk	4.5

Vulnerabilities affecting this package (3)

Vulnerability	Summary	Fixed by
VCID-ar2a-d6fd-q3e5 Aliases: CVE-2021-41186 GHSA-hwhf-64mh-r662	Uncontrolled Resource Consumption Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The `parser_apache2` plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don't use `parser_apache2` for parsing logs (which cannot guarantee generated by Apache), or put patched version of `parser_apache2.rb` into `/etc/fluent/plugin` directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).	1.14.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bdd8-gcfd-4fgc Aliases: CVE-2020-21514 GHSA-wrxf-x8rm-6ggg	Fluent Fluentd and Fluent-ui use default password An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password.	1.8.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-c3m4-ztwy-yye7 Aliases: CVE-2017-10906 GHSA-5jrp-w8fr-mrww	Improper Neutralization of Escape, Meta, or Control Sequences Escape sequence injection vulnerability in Fluentd may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.	0.12.41 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:38:40.752845+00:00	GitLab Importer	Affected by	VCID-bdd8-gcfd-4fgc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2020-21514.yml	38.6.0
2026-06-04T20:10:25.234321+00:00	GitLab Importer	Affected by	VCID-c3m4-ztwy-yye7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2017-10906.yml	38.6.0
2026-06-04T18:12:33.707460+00:00	Ruby Importer	Affected by	VCID-ar2a-d6fd-q3e5	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2021-41186.yml	38.6.0