logstash-core 1.5.0.rc3.snapshot2-java

4 security vulnerabilities found in version 1.5.0.rc3.snapshot2-java

Logstash Logs Sensitive Information

high severity CVE-2016-1000221
high severity CVE-2016-1000221
Patched versions: >= 2.3.4

Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.

Logstash: SSL/TLS FREAK Attack

high severity CVE-2015-5378
high severity CVE-2015-5378
Patched versions: ~> 1.4.4, >= 1.5.3

Logstash: SSL/TLS FREAK Attack: Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.

Logstash Logs Sensitive Information

medium severity CVE-2016-10362
medium severity CVE-2016-10362
Patched versions: >= 5.0.1

Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.

Logstash: Man-In-The Middle attack

medium severity CVE-2015-5619
medium severity CVE-2015-5619
Patched versions: ~> 1.4.5, >= 1.5.4

Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.

No officially reported memory leakage issues detected.


This gem version does not have any officially reported memory leaked issues.

No license issues detected.


This gem version has a license in the gemspec.

This gem version is available.


This gem version has not been yanked and is still available for usage.