漏洞类别:Local
漏洞等级: 
漏洞信息
ElasticSearch Logstash is an open source, server-side data processing pipeline that ingests data from a multitude of sources simultaneously, transforms it, and then sends it to your favorite 'stash'. A Directory Traversal vulnerability has been identified in the 'File Output' plugin for Logstash which allows remote attackers to write to arbitrary files via vectors related to dynamic field references in the path option.
Affected Versions:
ElasticSearch Logstash versions prior to 1.4.3
漏洞危害
A remote attacker could exploit this vulnerability to inject malicious codes in arbitrary files and gain access to the system.
解决方案
Customers are advised to upgrade to the lastes version of Logstash. Refer to Logstash Downloads for more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论