VulnerableCode Package Details - pkg:gem/fluentd@0.12.41

Search for packages

Vulnerability	Summary	Fixed by
VCID-ar2a-d6fd-q3e5 Aliases: CVE-2021-41186 GHSA-hwhf-64mh-r662	Uncontrolled Resource Consumption Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The `parser_apache2` plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don't use `parser_apache2` for parsing logs (which cannot guarantee generated by Apache), or put patched version of `parser_apache2.rb` into `/etc/fluent/plugin` directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).	1.14.2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-bdd8-gcfd-4fgc Aliases: CVE-2020-21514 GHSA-wrxf-x8rm-6ggg	Fluent Fluentd and Fluent-ui use default password An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password.	1.8.1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-ar2a-d6fd-q3e5
Aliases:
CVE-2021-41186
GHSA-hwhf-64mh-r662

Uncontrolled Resource Consumption Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The `parser_apache2` plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don't use `parser_apache2` for parsing logs (which cannot guarantee generated by Apache), or put patched version of `parser_apache2.rb` into `/etc/fluent/plugin` directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

1.14.2
Affected by 2 other vulnerabilities.

VCID-bdd8-gcfd-4fgc
Aliases:
CVE-2020-21514
GHSA-wrxf-x8rm-6ggg

Fluent Fluentd and Fluent-ui use default password An issue was discovered in Fluent Fluentd v.1.8.0 and Fluent-ui v.1.2.2 that allows attackers to gain escilated privileges and execute arbitrary code due to use of a default password.

1.8.1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-c3m4-ztwy-yye7	Improper Neutralization of Escape, Meta, or Control Sequences Escape sequence injection vulnerability in Fluentd may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.	CVE-2017-10906 GHSA-5jrp-w8fr-mrww

Vulnerability

Summary

Aliases

VCID-c3m4-ztwy-yye7

Improper Neutralization of Escape, Meta, or Control Sequences Escape sequence injection vulnerability in Fluentd may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

CVE-2017-10906
GHSA-5jrp-w8fr-mrww

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:38:40.760518+00:00	GitLab Importer	Affected by	VCID-bdd8-gcfd-4fgc	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2020-21514.yml	38.6.0
2026-06-05T21:24:22.125934+00:00	GHSA Importer	Fixing	VCID-c3m4-ztwy-yye7	https://github.com/advisories/GHSA-5jrp-w8fr-mrww	38.6.0
2026-06-04T18:12:33.715555+00:00	Ruby Importer	Affected by	VCID-ar2a-d6fd-q3e5	https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2021-41186.yml	38.6.0
2026-06-04T17:57:13.075735+00:00	GithubOSV Importer	Fixing	VCID-c3m4-ztwy-yye7	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-5jrp-w8fr-mrww/GHSA-5jrp-w8fr-mrww.json	38.6.0
2026-06-02T04:37:22.582973+00:00	GitLab Importer	Fixing	VCID-c3m4-ztwy-yye7	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2017-10906.yml	38.6.0