fluentd 1.10.2-x86-mingw32
1 security vulnerability
found in version
1.10.2-x86-mingw32
ReDoS vulnerability in parser_apache2
medium severity CVE-2021-41186
medium severity
CVE-2021-41186
Patched versions:
>= 1.14.2
Unaffected versions:
< 0.14.14
Impact
parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.
Patches
v1.14.2
Workarounds
Either of the following:
- Don't use parser_apache2 for parsing logs which cannot guarantee generated by Apache.
- Put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable
FLUENT_PLUGIN
or--plugin
option of fluentd).
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.