Lucene search
K

437 matches found

Vulnrichment
Vulnrichment
added 2026/04/08 4:50 p.m.5 views

CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

8.1CVSS6.6AI score0.00545EPSS
Exploits0References1
CVE
CVE
added 2026/04/08 4:50 p.m.35 views

CVE-2026-33466

CVE-2026-33466 affects Logstash by improper limitation of a pathname to a restricted directory (CWE-22). The archive extraction utilities do not validate file paths inside archives, allowing a crafted archive served via an attacker-controlled update endpoint to write arbitrary files with Logstash...

9.8CVSS6.6AI score0.00545EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/04/08 4:50 p.m.24 views

CVE-2026-33466 Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write

Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The archive extraction utilities used by Logstash do not properly validate file paths within compressed...

8.1CVSS0.00545EPSS
Exploits0References1
Elastic
Elastic
added 2026/04/08 4:32 p.m.13 views

Logstash 8.19.14, 9.2.8, 9.3.3 Security Update (ESA-2026-29)

Improper Limitation of a Pathname to a Restricted Directory in Logstash Leading to Arbitrary File Write Improper Limitation of a Pathname to a Restricted Directory CWE-22 in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal CAPEC-139. The...

9.8CVSS6.6AI score0.00545EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.4 views

PT-2026-31346

Name of the Vulnerable Software and Affected Versions Logstash affected versions not specified Description Logstash is susceptible to a flaw where improper validation of file paths within compressed archives can lead to arbitrary file write and potential remote code execution through Relative Pat...

8.1CVSS6.5AI score0.00545EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/04/08 12:0 a.m.8 views

Elastic Logstash 安全漏洞

Elastic Logstash is a set of log analysis and monitoring tools developed by the Dutch company Elastic. There is a security vulnerability in Elastic Logstash, which stems from improper path restrictions. This vulnerability could allow arbitrary file writes and remote code execution...

9.8CVSS6.2AI score0.00545EPSS
Exploits0References2
OSV
OSV
added 2026/04/01 10:2 a.m.4 views

CLEANSTART-2026-FO41609 Security fixes for CVE-2025-48924, ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j288-q9x7-2f5v, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 8.19.12-r0, 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.3CVSS6.8AI score0.02164EPSS
Exploits0References20
OSV
OSV
added 2026/04/01 10:2 a.m.7 views

CLEANSTART-2026-JO97977 Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.9AI score
Exploits0References17
OSV
OSV
added 2026/04/01 9:28 a.m.6 views

CLEANSTART-2026-GY92571 Security fixes for ghsa-22h5-pq3x-2gf2, ghsa-33mh-2634-fwr2, ghsa-4cx2-fc23-5wg6, ghsa-6xw4-3v39-52mm, ghsa-72hv-8253-57qq, ghsa-72qj-48g4-5xgx, ghsa-c2f4-jgmc-q2r5, ghsa-gh9q-2xrm-x6qv, ghsa-j4pr-3wm6-xx2r, ghsa-mhwm-jh88-3gjf, ghsa-mr3q-g2mv-mr4q, ghsa-p543-xpfm-54cp, ghsa-vc5p-v9hr-52mj, ghsa-vqg5-3255-v292, ghsa-w9pc-fmgc-vxvw, ghsa-wpv5-97wm-hp9c applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.9AI score
Exploits0References17
Elastic
Elastic
added 2026/03/19 4:53 p.m.9 views

Logstash 8.19.10, 9.1.10, 9.2.4 Security Update (ESA-2026-06)

Sensitive Information in Resource Not Removed Before Reuse in Logstash Leading to Access to Sensitive Information Dependency on Vulnerable Third-Party Component CWE-1395 exists in org.lz4:lz4-java decompression library used by logstash-integration-kafka plugin in Logstash that could allow an...

8.2CVSS5.9AI score0.00562EPSS
Exploits0
OSV
OSV
added 2026/03/04 12:43 a.m.3 views

CLEANSTART-2026-XJ84245 Rack is a modular Ruby web server interface

Multiple security vulnerabilities affect the logstash-fips package. Rack is a modular Ruby web server interface. See references for individual vulnerability details...

9.8CVSS5.8AI score0.00868EPSS
Exploits1References25
OSV
OSV
added 2026/03/04 12:39 a.m.5 views

CLEANSTART-2026-EW93264 Security fixes for GHSA-4CX2-FC23-5WG6, GHSA-6XW4-3V39-52MM, GHSA-72QJ-48G4-5XGX, GHSA-MR3Q-G2MV-MR4Q, GHSA-P543-XPFM-54CP, GHSA-VC5P-V9HR-52MJ, GHSA-VQG5-3255-V292 applied in versions: 9.0.8-r2, 9.0.8-r3, 9.0.8-r4, 9.3.0-r1, 9.3.0-r2

Multiple security vulnerabilities affect the logstash-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

5.9AI score
Exploits0References8
Wolfi
Wolfi
added 2026/02/24 1:53 a.m.3 views

GHSA-WHRJ-4476-WVMP vulnerabilities

Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/02/24 1:53 a.m.3 views

GHSA-MXW3-3HH2-X2MH vulnerabilities

Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...

5.9AI score
Exploits0
Wolfi
Wolfi
added 2026/02/24 1:53 a.m.7 views

CVE-2026-25500 vulnerabilities

Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...

5.4CVSS6.3AI score0.00224EPSS
Exploits1
Wolfi
Wolfi
added 2026/02/24 1:53 a.m.7 views

CVE-2026-22860 vulnerabilities

Vulnerabilities for packages: ruby3.3-rack, kube-fluentd-operator, ruby3.3-rails, ruby4.0-rails, ruby3.4-rails, ruby3.2-rails, logstash, ruby4.0-rack, ruby3.4-rack, ruby3.2-rack...

7.5CVSS6.7AI score0.00665EPSS
Exploits1
Chainguard
Chainguard
added 2026/02/02 1:17 p.m.4 views

GHSA-72QJ-48G4-5XGX vulnerabilities

Vulnerabilities for packages: elasticsearch...

5.4AI score
Exploits0
Chainguard
Chainguard
added 2026/02/02 1:17 p.m.25 views

CVE-2025-46551 vulnerabilities

Vulnerabilities for packages: elasticsearch...

7.1CVSS6.4AI score0.0016EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/01/09 11:21 a.m.7 views

CVE-2021-22138

In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could result in a man in...

4.3CVSS6.7AI score0.00459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:47 a.m.10 views

CVE-2022-31520

The Luxas98/logstash-management-api repository through 2020-05-04 on GitHub allows absolute path traversal because the Flask sendfile function is used unsafely...

9.3CVSS7AI score0.01118EPSS
Exploits1References1
Rows per page
Query Builder