437 matches found
Elastic Logstash 安全漏洞
Elastic Logstash is a suite of log analysis and monitoring tools from Dutch company Elastic. A security vulnerability exists in Elastic Logstash versions prior to 9.0.1 that stems from improper certificate validation and could lead to a man-in-the-middle attack...
PT-2025-19904 · Logstash · Logstash
Name of the Vulnerable Software and Affected Versions: Logstash affected versions not specified Description: The issue is related to improper certificate validation in Logstash's TCP output, which could lead to a man-in-the-middle MitM attack in "client" mode. This occurs because hostname...
Logstash 8.15.3 Security Update (ESA-2024-38)
Logstash affected by CVE-2024-47561 in Apache Avro ESA-2024-38 On October 3, 2024, CVE-2024-47561 was published, which can lead to execution of arbitrary code. The issue only affects users using the Kafka integration plugin and only if a malicious schema is loaded through the schema registry...
Security Bulletin: Vulnerabilities in Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-47561,CVE-2023-39410)
Summary There are deserialization of untrusted data and input validation vulnerabilities in Logstash that affect IBM Operations Analytics - Log Analysis. These have been addressed Vulnerability Details CVEID:CVE-2024-47561 DESCRIPTION: Apache Avro could allow a remote authenticated attacker to...
Security Bulletin: Vulnerability in Puma used by Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-45614)
Summary There is a potential HTTP request smuggling in Puma that affect Logstash used by IBM Operations Analytics - Log Analysis. Vulnerability Details CVEID:CVE-2024-45614 DESCRIPTION: Puma is vulnerable to HTTP request smuggling, caused by improper parsing of the HTTP X-Forwarded-For header. By...
Security Bulletin: A vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis (CVE-2024-56128)
Summary There is a Kafka vulnerability in Logstash shipped with IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-56128 DESCRIPTION: Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation...
Security Bulletin: Vulnerability in Apache Solr (lucene), Apache ZooKeeper and Logstash affect IBM Operations Analytics - Log Analysis (CVE-2024-9823, CVE-2024-47554)
Summary There is a potential denial of service with Apache Commons IO, Eclipse Jetty that affect Apache Solr lucene, Apache ZooKeeper and Logstash used by IBM Operations Analytics - Log Analysis Vulnerability Details CVEID:CVE-2024-9823 DESCRIPTION: There exists a security vulnerability in Jetty'...
Logstash 8.15.3, 8.16.0 Security Update (ESA-2024-48)
Logstash Inefficient Regular Expression Complexity ESA-2024-48 On October 28th, 2024, Ruby announced CVE-2024-49761 in rexml which can lead to ReDoS when parsing XML that has many digits between & and x...; in a hex numeric character reference &x...;. The issue only affects users that use the...
Logstash 8.15.1 Security Update (ESA-2024-35)
Logstash Uncontrolled Resource Consumption vulnerability ESA-2024-35 On August 19, 2024, Floraison announced CVE-2024-43380, which affects fugit "natural" parser. The parser turns natural language into a cron date and was found to accept any length of input, causing an uncontrolled resource...
GHSA-R3W4-36X6-7R99 vulnerabilities
Vulnerabilities for packages: logstash-jre-bcfips...
CVE-2025-27111 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby4.0-rack, ruby3.2-rack, logstash...
CVE-2025-27111 vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby3.2-rack, logstash, ruby4.0-rack...
GHSA-8CGQ-6MH2-7J6V vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby4.0-rack, ruby3.2-rack, logstash...
GHSA-8CGQ-6MH2-7J6V vulnerabilities
Vulnerabilities for packages: ruby3.4-rack, ruby3.3-rack, ruby3.2-rack, logstash, ruby4.0-rack...
Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)
Summary Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details CVEID:CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...
GHSA-5MWF-688X-MR7X vulnerabilities
Vulnerabilities for packages: logstash...
GHSA-5MWF-688X-MR7X vulnerabilities
Vulnerabilities for packages: logstash...
Bootiful Spring Boot 3.4: Spring Boot
And now we’re back where we started: Spring Boot 3.4! This release is what pulls everything together. When you look at Spring Boot, remember that it normalizes the integration of all the projects it assembles and tries, wherever possible, to smooth out whatever integration issues might arise from...
GHSA-2X2G-32R7-P4X8 vulnerabilities
Vulnerabilities for packages: prometheus-jmx-exporter, druid, apache-nifi, thingsboard, strimzi-kafka-operator, logstash...
CVE-2024-31141 vulnerabilities
Vulnerabilities for packages: prometheus-jmx-exporter, druid, apache-nifi, thingsboard, strimzi-kafka-operator, logstash...