Updated advisory posts against rubysec/ruby-advisory-db@6140107

jasnow · RubySec CI · commit c6ae4cb0f505 · 2025-04-15T19:00:55.000Z
diff --git a/advisories/_posts/2022-05-14-CVE-2014-4326.md b/advisories/_posts/2022-05-14-CVE-2014-4326.md
@@ -0,0 +1,31 @@
+---
+layout: advisory
+title: 'CVE-2014-4326 (logstash): Elasticsearch Logstash allows remote attackers to
+  execute arbitrary commands'
+comments: false
+categories:
+- logstash
+advisory:
+  gem: logstash
+  cve: 2014-4326
+  ghsa: 8qhq-rq4j-8prj
+  url: https://www.elastic.co/community/security
+  title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
+  date: 2022-05-14
+  description: |
+    Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows
+    remote attackers to execute arbitrary commands via a crafted
+    event in (1) `zabbix.rb` or (2) `nagios_nsca.rb` in `outputs/`.
+  cvss_v2: 7.5
+  unaffected_versions:
+  - "< 1.0.14"
+  patched_versions:
+  - ">= 1.4.2"
+  related:
+    url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-4326
+    - https://www.elastic.co/community/security
+    - https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
+    - https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded
+    - https://github.com/advisories/GHSA-8qhq-rq4j-8prj
+---
