How severe is CVE-2017-10906?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Vulnerability in Cloud Native Computing Foundation (Cncf) Fluentd

CVE-2017-10906

Escape sequence injection vulnerability in Fluentd versions 0.12.29 through 0.12.40 may allow an attacker to change the terminal UI or execute arbitrary commands on the device via unspecified vectors.

EPSS: 0.014 (80.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cloud Native Computing Foundation (Cncf) Fluentd — versions 0.12.29 through 0.12.40
Fluentd — versions 0.12.29, 0.12.30, 0.12.31
Redhat Openstack — versions 13

References

vultures@jpcert.or.jp (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
vultures@jpcert.or.jp (VDB Entry, Third Party Advisory, x_refsource_MISC, Issue Tracking)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Third Party Advisory, Release Notes, Issue Tracking)
vultures@jpcert.or.jp (x_refsource_CONFIRM, Patch, Third Party Advisory, Issue Tracking)

Frequently asked questions

What is CVE-2017-10906?: CVE-2017-10906 is a critical-severity vulnerability in Cloud Native Computing Foundation (Cncf) Fluentd. CVSS score: 9.8/10. Published 2017-12-08.
How severe is CVE-2017-10906?: Critical severity. CVSS v3 base score is 9.8 out of 10.