Replies: 1 comment 1 reply
-
|
Ah this was confusing - so the CVE has been resolved and this is just telling people to update to a later version to pick it up. That's good advice in general. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
And to further clarify you need an HTTP input or one of the other inputs based on it, on an older version to be exploitable. I think that's my understanding - the blog post does not show a Fluent Bit configuration only the HTTP exploit code. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
In fluent-bit versions 2.1.8 through 2.2.1 HTTP requests are not properly verified before being processed Resulting in a DOS from anyone that can directly hit the HTTP endpoint. POC's are available. Fluent-bit HTTP should not be exposed publicly, and any instances you have should be updated to at least version 2.2.2 to resolve this issue.
https://medium.com/@adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00
Beta Was this translation helpful? Give feedback.
All reactions