Vulnerability in Elastic Logstash

CVE-2019-7613

Winlogbeat versions before 5.6.16 and 6.6.2 had an insufficient logging flaw. An attacker able to inject certain characters into a log entry could prevent Winlogbeat from recording the event.

EPSS: 0.002 (39.4th percentile) — read the EPSS interpretation.

Affected products

Elastic Logstash — versions before 5.6.16 and 6.6.2

Weakness classification (CWE)

CWE-778

References

www.elastic.co/community/security (x_refsource_MISC)
discuss.elastic.co/t/elastic-stack-6-6-2-and-5-6-16-security-update/173180 (x_refsource_MISC)