PyPI package
elastic-apm
pkg:pypi/elastic-apm
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-37941 | — | >= 1.10.0, < 1.27.0 | 1.27.0 | Dec 8, 2021 | A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a hi | ||
| CVE-2019-7617 | — | < 5.1.0 | 5.1.0 | Aug 22, 2019 | When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing. |
- CVE-2021-37941Dec 8, 2021affected >= 1.10.0, < 1.27.0fixed 1.27.0
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the agent to run commands at a hi
- CVE-2019-7617Aug 22, 2019affected < 5.1.0fixed 5.1.0
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of their choosing.