AVG-2425 log

Package logstash
Status Vulnerable
Severity High
Type xml external entity injection
Affected 7.10.1-1
Fixed Unknown
Current 7.10.1-1 [community]
Ticket Create
Created Tue Sep 28 08:55:02 2021
Issue Severity Remote Type Description
CVE-2021-41098 High Yes Xml external entity injection
In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted...
Logstash version 7.10.1 bundles Nokogiri version 1.10.10 for JRuby.