logstash

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Tool for managing events and logs
Version 7.10.1-1 [community]

Open

Group Affected Fixed Severity Status Ticket
AVG-2141 7.10.1-1 High Vulnerable
AVG-1730 7.10.1-1 High Vulnerable FS#70138
Issue Group Severity Remote Type Description
CVE-2021-32066 AVG-2141 High Yes Silent downgrade
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. Net::IMAP does not raise an exception when StartTLS fails with an...
CVE-2021-31810 AVG-2141 Medium Yes Information disclosure
A security issue has been discovered in Ruby before versions 3.0.2, 2.7.4 and 2.6.8. A malicious FTP server can use the PASV response to trick Net::FTP into...
CVE-2021-22138 AVG-1730 High Yes Certificate verification bypass
A TLS certificate validation flaw was found in the monitoring feature of Logstash versions 6.4.0 and before versions 6.8.15 and 7.12.0. When specifying a...

Resolved

Group Affected Fixed Severity Status Ticket
AVG-913 6.6.0-1 6.6.1-1 High Fixed
Issue Group Severity Remote Type Description
CVE-2019-7612 AVG-913 High No Information disclosure
A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration,...

Advisories

Date Advisory Group Severity Type
25 Feb 2019 ASA-201902-28 AVG-913 High information disclosure