Vulnerabilities > Elastic > Logstash > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-30 | CVE-2019-7620 | Unspecified vulnerability in Elastic Logstash Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. | 7.5 |
| 2017-06-27 | CVE-2015-5378 | Information Exposure vulnerability in multiple products Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server. | 7.5 |
| 2017-06-16 | CVE-2016-10363 | Improper Resource Shutdown or Release vulnerability in Elastic Logstash Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, a remote attacker crafting malicious Netflow v5, Netflow v9 or IPFIX packets could perform a denial of service attack on the Logstash instance. | 7.5 |
| 2017-06-16 | CVE-2016-1000222 | Argument Injection or Modification vulnerability in Elastic Logstash Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data. | 7.5 |
| 2017-06-16 | CVE-2016-1000221 | Information Exposure vulnerability in Elastic Logstash Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information. | 7.5 |