CVE-2022-39379

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-39379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-39379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-39379
Aliases
Published
2022-11-02T13:15:13Z
Modified
2024-05-14T12:14:16.157994Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable FLUENT_OJ_OPTION_MODE is explicitly set to object. Please note: the option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround, do not use FLUENT_OJ_OPTION_MODE=object.

References

Affected packages

Git / github.com/fluent/fluentd

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluentd
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

v0.*

v0.10.0
v0.10.1
v0.10.10
v0.10.11
v0.10.12
v0.10.13
v0.10.14
v0.10.15
v0.10.16
v0.10.17
v0.10.18
v0.10.19
v0.10.2
v0.10.20
v0.10.21
v0.10.22
v0.10.23
v0.10.24
v0.10.25
v0.10.26
v0.10.27
v0.10.28
v0.10.3
v0.10.30
v0.10.31
v0.10.32
v0.10.34
v0.10.35
v0.10.36
v0.10.37
v0.10.38
v0.10.39
v0.10.4
v0.10.40
v0.10.41
v0.10.42
v0.10.43
v0.10.44
v0.10.45
v0.10.46
v0.10.47
v0.10.48
v0.10.49
v0.10.5
v0.10.50
v0.10.51
v0.10.52
v0.10.53
v0.10.6
v0.10.7
v0.10.8
v0.10.9
v0.12.0
v0.12.0.pre.1
v0.12.0.pre.2
v0.12.0.pre.3
v0.12.1
v0.12.10
v0.12.11
v0.12.12
v0.12.13
v0.12.14
v0.12.15
v0.12.16
v0.12.2
v0.12.3
v0.12.4
v0.12.5
v0.12.6
v0.12.7
v0.12.8
v0.12.9
v0.14.0
v0.14.0.pre.1
v0.14.0.rc.1
v0.14.0.rc.2
v0.14.0.rc.3
v0.14.1
v0.14.10
v0.14.11
v0.14.12
v0.14.13
v0.14.14
v0.14.14.pre.1
v0.14.15
v0.14.16
v0.14.17
v0.14.18
v0.14.19
v0.14.2
v0.14.20
v0.14.20.rc1
v0.14.21
v0.14.22
v0.14.22.rc1
v0.14.22.rc2
v0.14.23
v0.14.23.rc1
v0.14.24
v0.14.25
v0.14.4
v0.14.5
v0.14.6
v0.14.7
v0.14.8
v0.14.9
v0.9.0
v0.9.1
v0.9.10
v0.9.11
v0.9.12
v0.9.13
v0.9.14
v0.9.15
v0.9.16
v0.9.17
v0.9.18
v0.9.19
v0.9.2
v0.9.20
v0.9.21
v0.9.3
v0.9.4
v0.9.5
v0.9.6
v0.9.7
v0.9.8
v0.9.9

v1.*

v1.0.0
v1.0.0.rc1
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.12.0
v1.12.0.rc1
v1.12.0.rc2
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.14.0
v1.14.0.rc
v1.14.1
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.15.0
v1.15.1
v1.15.2
v1.2.0
v1.2.0.pre1
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.4.rc1
v1.2.5
v1.2.5.rc1
v1.2.6
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.0.rc1
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.0.rc1
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.0.rc1
v1.8.0.rc2
v1.8.0.rc3
v1.8.1
v1.9.0
v1.9.0.rc1
v1.9.0.rc2
v1.9.1
v1.9.2
v1.9.3