Replies: 1 comment 1 reply
-
|
Ah this was confusing - so the CVE has been resolved and this is just telling people to update to a later version to pick it up. That's good advice in general. |
Beta Was this translation helpful? Give feedback.
1 reply
-
|
And to further clarify you need an HTTP input or one of the other inputs based on it, on an older version to be exploitable. I think that's my understanding - the blog post does not show a Fluent Bit configuration only the HTTP exploit code. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
In fluent-bit versions 2.1.8 through 2.2.1 HTTP requests are not properly verified before being processed Resulting in a DOS from anyone that can directly hit the HTTP endpoint. POC's are available. Fluent-bit HTTP should not be exposed publicly, and any instances you have should be updated to at least version 2.2.2 to resolve this issue.
https://medium.com/@adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00
Beta Was this translation helpful? Give feedback.
All reactions