products / fluentd
Fluentd
Fluentd is a log collection and forwarding daemon, widely deployed as the default log aggregator in Kubernetes clusters. It processes every container log stream on the node. NVD tracks it as fluentd:fluentd with semver-style version ranges.
api usage
Querying Fluentd
product slug
fluentdversion format
1.15.0, 1.14.0bash
curl "https://api.attestd.io/v1/check?product=fluentd&version=1.15.0" \
-H "Authorization: Bearer $ATTESTD_KEY"Fluentd 1.15.0 is affected by CVE-2022-39379 (HTTP request smuggling via crafted chunked encoding in the HTTP input plugin). The aggregated response expects risk_state: "high".
json
{
"product": "fluentd",
"version": "1.15.0",
"supported": true,
"risk_state": "high",
"risk_factors": [
"request_smuggling",
"internet_exposed_service",
"patch_available"
],
"actively_exploited": false,
"remote_exploitable": true,
"authentication_required": false,
"patch_available": true,
"fixed_version": "1.15.3",
"confidence": 0.85,
"cve_ids": ["CVE-2022-39379"],
"last_updated": "2026-05-27T00:00:00Z"
}safe version
Fluentd 1.17.0 is used as a patched-line example; confirm with live /v1/check after ingestion.
bash
curl "https://api.attestd.io/v1/check?product=fluentd&version=1.17.0" \
-H "Authorization: Bearer $ATTESTD_KEY"notable cves
CVE history
Fluentd CVE history is thinner than Grafana or Zabbix but includes HTTP request smuggling in input plugins, denial of service via crafted log payloads, and deserialization issues in filter plugins.
| CVE | Description | Affects | CVSS |
|---|---|---|---|
CVE-2022-39379 | HTTP request smuggling via crafted chunked transfer encoding in the Fluentd HTTP input plugin. | 1.15.0 to 1.15.2 | 7.5 |
CVE-2021-43791 | Denial of service via crafted log payloads causing unbounded memory allocation in buffer plugins. | before 1.14.4 | 7.5 |
CVE-2020-28169 | Deserialization of untrusted data in Fluentd exec filter plugin allowing command injection. | before 1.11.2 | 8.8 |
related