CVE-2016-1000222 — Argument Injection in Logstash

CWE-88 — Argument Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 42.50%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Elastic Logstash
Timeline
PublishedJun 16
Latest updateMay 14

Description

Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

â–¶NVDelastic/logstash2.1.1

🔴Vulnerability Details

2
GHSA
GHSA-6wg5-46xg-947r: Logstash prior to version 2↗2022-05-14
â–¶
CVEList
CVE-2016-1000222: Logstash prior to version 2↗2017-06-16
â–¶
CVE-2016-1000222 — Argument Injection in Elastic | cvebase