Elasticsearch Logstash allows remote attackers to execute arbitrary commands

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in 1 zabbix.rb or 2 nagiosnsca.rb in outputs/...

CVE-2014-4326

CVE-2014-4326 affects Elastic/Logstash prior to 1.4.2 when configured with the Zabbix or Nagios outputs. A crafted event sent to the outputs/ handlers (zabbix.rb or nagios_nsca.rb) allows remote code execution, enabling an attacker to run arbitrary OS commands. Affected versions are Logstash 1.0....