VYPR

Bitnami package

logstash

pkg:bitnami/logstash

Vulnerabilities (4)

  • CVE-2026-33466 | High | Apr 8, 2026
    affected >= 8.0.0, < 8.19.14; fixed 8.19.14

    Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths w

  • CVE-2025-37730 | Medium | May 6, 2025
    affected >= 8.0.0, < 8.18.1; fixed 8.18.1

    Improper certificate validation in Logstash's TCP output could lead to a man-in-the-middle (MitM) attack in “client” mode, as hostname verification in TCP output was not being performed when ssl_verification_mode => full was set.

  • CVE-2023-46672 | Nov 15, 2023
    affected >= 7.12.1, < 7.12.2; fixed 7.12.2

    An issue was identified by Elastic whereby sensitive information is recorded in Logstash logs under specific circumstances. The prerequisites for the manifestation of this issue are: * Logstash is configured to log in JSON format https://www.elastic.co/guide/en/logstash/cur

  • CVE-2021-22138 | May 13, 2021
    affected >= 6.4.0, < 6.8.15; fixed 6.8.15

    In Logstash versions after 6.4.0 and before 6.8.15 and 7.12.0 a TLS certificate validation flaw was found in the monitoring feature. When specifying a trusted server CA certificate Logstash would not properly verify the certificate returned by the monitoring server. This could re