CNNVD-202511-2646 Information

CNNVD ID

CNNVD-202511-2646

Related CVE

CVE-2025-12972

• CNNVD Published: 2025-11-24

Description (Chinese)

Fluent Bit是Fluent开源的一款使用C语言编写的开源日志处理和分析系统。 Fluent Bit存在安全漏洞，该漏洞源于未正确清理标签值，可能导致路径遍历攻击，使文件写入非预期目录。

Description (English)

Fluent Bit is an open source log processing and analysis system in the C language of the Fluent Open Source. There is a security loophole in Fluent Bit, which stems from an incorrect clean-up of label values, which could lead to a routing of the path and the inclusion of the document in an unexpected directory.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

Fluent

Published

2025-11-24

Last Modified

2026-02-24

References

https://fluentbit.io/announcements/v4.1.0/ https://access.redhat.com/security/cve/cve-2025-12972

Patch

https://github.com/fluent/fluent-bit/releases