Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/fluentd@1.14.5
purl pkg:gem/fluentd@1.14.5
Next non-vulnerable version 1.15.3
Latest non-vulnerable version 1.15.3
Risk 3.6
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-8hsx-rzd7-gqe2
Aliases:
CVE-2022-39379
GHSA-fppq-mj76-fpj2
fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) ### Impact A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. ### Patches v1.15.3 ### Workarounds Do not use `FLUENT_OJ_OPTION_MODE=object`. ### References * GHSL-2022-067
1.15.3
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-06T03:09:09.405744+00:00 GitLab Importer Affected by VCID-8hsx-rzd7-gqe2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2022-39379.yml 38.6.0