Skip to content

Commit 6140107

Browse files
jasnowpostmodern
jasnow
authored and
postmodern
committed
GHSA SYNC: 2 brand new advisories
1 parent 4d49a95 commit 6140107

File tree

2 files changed

+46
-0
lines changed

2 files changed

+46
-0
lines changed

gems/logstash-event/CVE-2014-4326.yml

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
gem: logstash-event
3+
cve: 2014-4326
4+
ghsa: 8qhq-rq4j-8prj
5+
url: https://www.elastic.co/community/security
6+
title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
7+
date: 2022-05-14
8+
description: |
9+
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows
10+
remote attackers to execute arbitrary commands via a crafted
11+
event in (1) `zabbix.rb` or (2) `nagios_nsca.rb` in `outputs/`.
12+
cvss_v2: 7.5
13+
unaffected_versions:
14+
- "< 1.0.14"
15+
patched_versions:
16+
- ">= 1.4.2"
17+
related:
18+
url:
19+
- https://nvd.nist.gov/vuln/detail/CVE-2014-4326
20+
- https://www.elastic.co/community/security
21+
- https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
22+
- https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded
23+
- https://github.com/advisories/GHSA-8qhq-rq4j-8prj

gems/logstash/CVE-2014-4326.yml

Lines changed: 23 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,23 @@
1+
---
2+
gem: logstash
3+
cve: 2014-4326
4+
ghsa: 8qhq-rq4j-8prj
5+
url: https://www.elastic.co/community/security
6+
title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
7+
date: 2022-05-14
8+
description: |
9+
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows
10+
remote attackers to execute arbitrary commands via a crafted
11+
event in (1) `zabbix.rb` or (2) `nagios_nsca.rb` in `outputs/`.
12+
cvss_v2: 7.5
13+
unaffected_versions:
14+
- "< 1.0.14"
15+
patched_versions:
16+
- ">= 1.4.2"
17+
related:
18+
url:
19+
- https://nvd.nist.gov/vuln/detail/CVE-2014-4326
20+
- https://www.elastic.co/community/security
21+
- https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
22+
- https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded
23+
- https://github.com/advisories/GHSA-8qhq-rq4j-8prj

0 commit comments

Comments
 (0)