{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-03T18:36:19.782","vulnerabilities":[{"cve":{"id":"CVE-2022-39379","sourceIdentifier":"security-advisories@github.com","published":"2022-11-02T13:15:13.583","lastModified":"2024-11-21T07:18:10.400","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Fluentd collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. A remote code execution (RCE) vulnerability in non-default configurations of Fluentd allows unauthenticated attackers to execute arbitrary code via specially crafted JSON payloads. Fluentd setups are only affected if the environment variable `FLUENT_OJ_OPTION_MODE` is explicitly set to `object`. Please note: The option FLUENT_OJ_OPTION_MODE was introduced in Fluentd version 1.13.2. Earlier versions of Fluentd are not affected by this vulnerability. This issue was patched in version 1.15.3. As a workaround do not use `FLUENT_OJ_OPTION_MODE=object`."},{"lang":"es","value":"Fluentd recopila eventos de diversas fuentes de datos y los escribe en archivos, RDBMS, NoSQL, IaaS, SaaS, Hadoop, etc. Una vulnerabilidad de ejecución remota de código (RCE) en configuraciones no predeterminadas de Fluentd permite a atacantes no autenticados ejecutar código arbitrario a través de payloads JSON especialmente manipulados. Las configuraciones de Fluentd solo se ven afectadas si la variable de entorno `FLUENT_OJ_OPTION_MODE` se establece explícitamente en `object`. Tenga en cuenta: la opción FLUENT_OJ_OPTION_MODE se introdujo en la versión 1.13.2 de Fluentd. Las versiones anteriores de Fluentd no se ven afectadas por esta vulnerabilidad. Este problema se solucionó en la versión 1.15.3. Como workaround alternativo, no utilice `FLUENT_OJ_OPTION_MODE=object`."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N","baseScore":3.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-502"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*","versionStartIncluding":"1.13.2","versionEndExcluding":"1.15.3","matchCriteriaId":"242E386A-FF76-40A5-908E-A4D7C13D7DD7"}]}]},{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","matchCriteriaId":"E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}],"references":[{"url":"https://github.com/fluent/fluentd/commit/48e5b85dab1b6d4c273090d538fc11b3f2fd8135","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-fppq-mj76-fpj2","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYD5QV66OLDHES6IKVYYM3Y3YID3VVCO/","source":"security-advisories@github.com"},{"url":"https://github.com/fluent/fluentd/commit/48e5b85dab1b6d4c273090d538fc11b3f2fd8135","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/fluent/fluentd/security/advisories/GHSA-fppq-mj76-fpj2","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MYD5QV66OLDHES6IKVYYM3Y3YID3VVCO/","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}