Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:gem/fluentd@1.15.3
purl pkg:gem/fluentd@1.15.3
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-8hsx-rzd7-gqe2 fluentd vulnerable to remote code execution due to insecure deserialization (in non-default configuration) ### Impact A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. ### Patches v1.15.3 ### Workarounds Do not use `FLUENT_OJ_OPTION_MODE=object`. ### References * GHSL-2022-067 CVE-2022-39379
GHSA-fppq-mj76-fpj2

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-05T21:37:24.110749+00:00 GHSA Importer Fixing VCID-8hsx-rzd7-gqe2 https://github.com/advisories/GHSA-fppq-mj76-fpj2 38.6.0
2026-06-05T17:13:02.257543+00:00 GitLab Importer Fixing VCID-8hsx-rzd7-gqe2 https://gitlab.com/gitlab-org/advisories-community/-/blob/main/gem/fluentd/CVE-2022-39379.yml 38.6.0
2026-06-04T17:52:44.948942+00:00 GithubOSV Importer Fixing VCID-8hsx-rzd7-gqe2 https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-fppq-mj76-fpj2/GHSA-fppq-mj76-fpj2.json 38.6.0