RCE in Elastic Logstash

CVE-2014-4326

Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.009 (75.8th percentile) — read the EPSS interpretation.

Affected products

Elastic Logstash — versions 1.0.14, 1.0.15, 1.0.16
N/a — versions n/a

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

cve@mitre.org (x_refsource_CONFIRM)
20140718 CVE-2014-4326 Remote command execution in Logstash zabbix and nagios_nsca outputs. (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)