CVE-2017-10906: Improper Neutralization of Escape, Meta, or Control Sequences

December 8, 2017 (updated October 3, 2019)

Escape sequence injection vulnerability in Fluentd may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

References

github.com/fluent/fluentd/blob/v0.12/CHANGELOG.md
github.com/fluent/fluentd/pull/1733
jvn.jp/en/vu/JVNVU95124098/index.html
nvd.nist.gov/vuln/detail/CVE-2017-10906

Code Behaviors & Features

Detect and mitigate CVE-2017-10906 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →