AVG-2425 - logstash - Arch Linux
AVG-2425 log
| Package | logstash |
| Status | Vulnerable |
| Severity | High |
| Type | xml external entity injection |
| Affected | 7.10.1-1 |
| Fixed | Unknown |
| Current | 7.10.1-1 [community] |
| Ticket | Create |
| Created | Tue Sep 28 08:55:02 2021 |
| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2021-41098 | High | Yes | Xml external entity injection | In Nokogiri v1.12.4 and earlier, on JRuby only, the SAX parser resolves external entities by default. Users of Nokogiri on JRuby who parse untrusted... |
| Notes |
|---|
Logstash version 7.10.1 bundles Nokogiri version 1.10.10 for JRuby. |