logstash

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Tool for managing events and logs
Version	7.10.1-1 [community]

Open

Group	Affected	Fixed	Severity	Status	Ticket
AVG-2425	7.10.1-1		High	Vulnerable
AVG-2141	7.10.1-1		High	Vulnerable
AVG-1730	7.10.1-1		High	Vulnerable	FS#70138

Issue	Group	Severity	Remote	Type	Description
CVE-2021-41098	AVG-2425	High	Yes	Xml external entity injection	In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted...
CVE-2021-32066	AVG-2141	High	Yes	Silent downgrade	A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an...
CVE-2021-31810	AVG-2141	Medium	Yes	Information disclosure	A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into...
CVE-2021-22138	AVG-1730	High	Yes	Certificate verification bypass	A TLS certificate validation flaw was found in the monitoring feature of Logstash versions 6.4.0 and before versions 6.8.15 and 7.12.0. When specifying a...

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-913	6.6.0-1	6.6.1-1	High	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2019-7612	AVG-913	High	No	Information disclosure	A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration,...

Advisories

Date	Advisory	Group	Severity	Type
25 Feb 2019	ASA-201902-28	AVG-913	High	information disclosure