apk package
chainguard/logstash-9.1-with-output-opensearch
pkg:apk/chainguard/logstash-9.1-with-output-opensearch
Vulnerabilities (49)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-61772 | Hig | 7.5 | < 9.1.5-r1 | 9.1.5-r1 | Oct 7, 2025 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incomin | |
| CVE-2025-61771 | Hig | 7.5 | < 9.1.5-r1 | 9.1.5-r1 | Oct 7, 2025 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request | |
| CVE-2025-61770 | Hig | 7.5 | < 9.1.5-r1 | 9.1.5-r1 | Oct 7, 2025 | Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid | |
| CVE-2025-58767 | Med | 5.3 | < 9.1.10-r3 | 9.1.10-r3 | Sep 17, 2025 | REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches | |
| CVE-2025-58057 | Hig | 7.5 | < 9.1.3-r2 | 9.1.3-r2 | Sep 4, 2025 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s | |
| CVE-2025-58056 | Hig | 7.5 | < 9.1.3-r2 | 9.1.3-r2 | Sep 3, 2025 | Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a ch | |
| CVE-2025-27221 | Low | 3.2 | < 9.1.10-r3 | 9.1.10-r3 | Mar 4, 2025 | In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | |
| CVE-2025-27220 | Med | 4.0 | < 9.1.10-r3 | 9.1.10-r3 | Mar 4, 2025 | In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. | |
| CVE-2025-27219 | Med | 5.8 | < 9.1.10-r3 | 9.1.10-r3 | Mar 4, 2025 | In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource |
- affected < 9.1.5-r1fixed 9.1.5-r1
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (`CRLFCRLF`). The parser keeps appending incomin
- affected < 9.1.5-r1fixed 9.1.5-r1
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, ``Rack::Multipart::Parser` stores non-file form fields (parts without a `filename`) entirely in memory as Ruby `String` objects. A single large text field in a multipart/form-data request
- affected < 9.1.5-r1fixed 9.1.5-r1
Rack is a modular Ruby web server interface. In versions prior to 2.2.19, 3.1.17, and 3.2.2, `Rack::Multipart::Parser` buffers the entire multipart preamble (bytes before the first boundary) in memory without any size limit. A client can send a large preamble followed by a valid
- affected < 9.1.10-r3fixed 9.1.10-r3
REXML is an XML toolkit for Ruby. The REXML gems from 3.3.3 to 3.4.1 has a DoS vulnerability when parsing XML containing multiple XML declarations. If you need to parse untrusted XMLs, you may be impacted to these vulnerabilities. The REXML gem 3.4.2 or later include the patches
- affected < 9.1.3-r2fixed 9.1.3-r2
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In netty-codec-compression versions 4.1.124.Final and below, and netty-codec versions 4.2.4.Final and below, when supplied with s
- affected < 9.1.3-r2fixed 9.1.3-r2
Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters (LF) as a ch
- affected < 9.1.10-r3fixed 9.1.10-r3
In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
- affected < 9.1.10-r3fixed 9.1.10-r3
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
- affected < 9.1.10-r3fixed 9.1.10-r3
In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource
Page 3 of 3