logstash
Vulnerability found in logstash-oss:8.13.2
On scanning the logstash-oss:8.13.2 Docker image, I found the vulnerabilities below.
| Type | Severity | CVSS | CVE | Package Name | Package Version | Fix Status |
|---|---|---|---|---|---|---|
| Jar | Critical | 9.8 | CVE-2022-46337 | derby | 10.15.2.1 | fixed in: 10.17.1.0 |
| Jar | High | 7.1 | CVE-2023-2976 | com.google.guava_guava | 25.1-android | fixed in: 32.0.0 |
| Product | Medium | 5.5 | CVE-2022-45146 | java | 17.0.10 | fixed in: 1.0.2.4 |
| Jar | Moderate | 5.3 | CVE-2024-29025 | io.netty_netty-codec-http | 4.1.100.Final | fixed in: 4.1.108.Final |
| Jar | Medium | 4.7 | CVE-2023-35116 | com.fasterxml.jackson.core_jackson-databind | 2.15.2 | fixed in: 2.16.0 |
| Jar | Medium | 4.7 | CVE-2023-35116 | com.fasterxml.jackson.core_jackson-databind | 2.15.3 | fixed in: 2.16.0 |
| Package | Medium | 0 | CVE-2024-28834 | gnutls28 | 3.6.13-2ubuntu1.10 | fixed in: 3.6.13-2ubuntu1.11 |
| Jar | Low | 3.7 | CVE-2020-9488 | org.apache.logging.log4j_log4j | 1.2-api-2 | fixed in: 2.3.2, 2.12.3, 2.13.2 |
| Jar | Low | 3.3 | CVE-2020-8908 | com.google.guava_guava | 25.1-android | fixed in: 32.0.0 |
Thank you for your report.
Elastic's security reporting guidelines are available at https://www.elastic.co/community/security. Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to [email protected]
We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.
Can you share the security scanner being used? Thank you.