treasure-data / omnibus-td-agent

td-agent (Fluentd) Packaging Scripts
https://docs.treasuredata.com/articles/td-agent-changelog
Apache License 2.0

High vulnerability CVE-2008-4318 on td-agent 4.2.0 observer gem #289

Closed chaitrahegde115 closed 3 years ago

chaitrahegde115 commented 3 years ago

Hi, I am using td-agent 4.2.0 rpm in k8s environment. Default gem observer version is 0.1.0 and Ruby version is 2.7.4. CVE-2008-4318 is reported on it. Can you please help me understand the impact of this vulnerability on td-agent?

[root]# td-agent-gem list  | grep observer
observer (default: 0.1.0)

ashie commented 3 years ago

CVE-2008-4318

It's a false positive, it's not about Ruby's observer gem: https://nvd.nist.gov/vuln/detail/CVE-2008-4318

BTW, for td-agent 4, please report issues to https://github.com/fluent-plugins-nursery/fluent-package-builder/issues instead of here.