CVE-2014-4326: OS Command Injection in Logstash

Severity: 7.5 HIGH (NVD)
EPSS: 0.9% (top 24.58%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 22; latest update May 14

Description

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages (2 packages)

RubyGems: elastic/logstash, affected from 1.0.14, fixed in 1.4.2
NVD: elastic/logstash, 27 versions

Vulnerability Details (3)

GHSA: Elasticsearch Logstash allows remote attackers to execute arbitrary commands (2022-05-14)
OSV: Elasticsearch Logstash allows remote attackers to execute arbitrary commands (2022-05-14)
CVEList: CVE-2014-4326: Elasticsearch Logstash 1 (2014-07-22)