elastic_apm is vulnerable to arbitrary proxy redirection. A variable name precedence bug in the way HTTP_PROXY and HTTPS_PROXY are parsed causes the proxy header to be processed incorrectly. This allows a remote attacker to redirect collected APM data to an arbitrary proxy.

| CPE | Name | Operator | Version |
|---|---|---|---|
| | elastic-apm | le | 5.0.0 |

discuss.elastic.co/t/elastic-apm-agent-for-python-5-1-0-security-update/196145
github.com/elastic/apm-agent-python/commit/47286d746e05897c6b3af8d465aa56ab1ed8d678
github.com/elastic/apm-agent-python/issues/458
github.com/elastic/apm-agent-python/pull/551
www.elastic.co/community/security#ESA-2019-11
www.elastic.co/community/security/