logstash-core 1.5.0.rc3.snapshot4-java
Logstash Logs Sensitive Information
high severity CVE-2016-1000221>= 2.3.4
Logstash prior to version 2.3.4, Elasticsearch Output plugin would log to file HTTP authorization headers which could contain sensitive information.
Logstash: SSL/TLS FREAK Attack
high severity CVE-2015-5378~> 1.4.4, >= 1.5.3
Logstash: SSL/TLS FREAK Attack: Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote attackers to read communications between Logstash Forwarder agent and Logstash server.
Logstash Logs Sensitive Information
medium severity CVE-2016-10362>= 5.0.1
Prior to Logstash version 5.0.1, Elasticsearch Output plugin when updating connections after sniffing, would log to file HTTP basic auth credentials.
Logstash: Man-In-The Middle attack
medium severity CVE-2015-5619~> 1.4.5, >= 1.5.4
Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack output or the Logstash forwarder does not validate SSL/TLS certificates from the Logstash server, which might allow attackers to obtain sensitive information via a man-in-the-middle attack.
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
No license issues detected.
This gem version has a license in the gemspec.
This gem version is available.
This gem version has not been yanked and is still available for usage.