A severe vulnerability, tracked as CVE-2024-4323, was found in the Fluent Bit utility, a widely used log processor and forwarder on major cloud platforms. The flaw, named Linguistic Lumberjack, could trigger DoS, disclose information, and potentially result in remote code execution risk. Tenable researchers identified the issue in Fluent Bit's monitoring API, accessible to users or services with API access, allowing for DoS attacks and sensitive information disclosure
By exploiting the /api/v1/traces and /api/v1/trace endpoints with non-string values in the 'inputs' array, memory corruption issues can be triggered. Major organizations like VMware, Cisco, and AWS use Fluent Bit, making this threat significant. https://securityaffairs.com/163480/hacking/fluent-bit-critical-flaw.html