logstash-9.2-with-output-opensearch

Direct Vulnerabilities

Known vulnerabilities in the logstash-9.2-with-output-opensearch package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L CRLF Injection	<9.2.8-r1
L Resource Exhaustion	<9.2.8-r1
C HTTP Request Smuggling	<9.2.8-r1
H HTTP Request Smuggling	<9.2.8-r1
L GHSA-v2fc-qm4h-8hqv	*
L Resource Exhaustion	<9.2.8-r1
L Integer Overflow or Wraparound	<9.2.8-r1
L GHSA-c4rq-3m3g-8wgx	*
C HTTP Request Smuggling	<9.2.8-r1
H NULL Pointer Dereference	<9.2.3-r0
L CVE-2026-42501	<9.2.3-r0
H Loop with Unreachable Exit Condition ('Infinite Loop')	<9.2.3-r0
L Improper Encoding or Escaping of Output	<9.2.3-r0
L CVE-2026-42499	<9.2.3-r0
H Allocation of Resources Without Limits or Throttling	<9.2.3-r0
M Link Following	<9.2.3-r0
M Out-of-bounds Write	<9.2.3-r0
H Double Free	<9.2.3-r0
L Cross-site Scripting (XSS)	<9.2.3-r0
L CVE-2026-39825	<9.2.3-r0
M Allocation of Resources Without Limits or Throttling	*
H Missing Report of Error Condition	*
H Algorithmic Complexity	*
C Arbitrary Command Injection	*
L Resource Exhaustion	*
M Improper Validation of Syntactic Correctness of Input	*
M Interpretation Conflict	*
L Resource Exhaustion	*
H Resource Exhaustion	*
L Permissive Regular Expression	*
L Inefficient Regular Expression Complexity	*
M CRLF Injection	*
M Improper Handling of Length Parameter Inconsistency	*
H Permissive Regular Expression	*
L Incorrect Behavior Order: Validate Before Canonicalize	*
H Resource Exhaustion	*
M Interpretation Conflict	*
C Improper Authentication	*
L Partial Comparison	*
M Improper Validation of Certificate with Host Mismatch	*
H Improper Encoding or Escaping of Output	*
L CVE-2026-5588	*
L CVE-2026-0636	*
H Improper Output Neutralization for Logs	*
H Improper Encoding or Escaping of Output	*
L CVE-2026-5598	*
L Protection Mechanism Failure	*
L Information Exposure Through Server Log Files	<9.2.8-r0
H Access of Resource Using Incompatible Type ('Type Confusion')	<9.2.3-r0
C CVE-2026-27143	<9.2.3-r0
L Race Condition	<9.2.8-r0
H Allocation of Resources Without Limits or Throttling	<9.2.3-r0
H Improper Certificate Validation	<9.2.3-r0
M Allocation of Resources Without Limits or Throttling	<9.2.3-r0
L CVE-2026-32280	<9.2.3-r0
M Cross-site Scripting (XSS)	<9.2.3-r0
H Incorrect Authorization	<9.2.3-r0
M Link Following	<9.2.3-r0
C Use of Externally-Controlled Format String	<9.2.8-r0
L HTTP Request Smuggling	<9.2.8-r0
L Uncontrolled Recursion	<9.2.7-r0
L GHSA-72hv-8253-57qq	*
L Directory Traversal	<9.2.3-r0
L Cross-site Scripting (XSS)	<9.2.3-r0
L Direct Request ('Forced Browsing')	<9.2.3-r0
L Directory Traversal	<9.2.6-r0
L Arbitrary Code Injection	*
L Cross-site Scripting (XSS)	<9.2.6-r0
L GHSA-wx95-c6cv-8532	*
L Server-Side Request Forgery (SSRF)	<9.2.6-r0
C CVE-2025-68121	<9.2.3-r0
L CVE-2025-61732	<9.2.3-r0
L CVE-2025-61731	<9.2.3-r0
L CVE-2025-61730	<9.2.3-r0
L Allocation of Resources Without Limits or Throttling	<9.2.3-r0
L Out-of-bounds Write	<9.2.3-r0
L Allocation of Resources Without Limits or Throttling	<9.2.3-r0
H Information Exposure	*
M Improper Certificate Validation	<9.2.7-r0
L CVE-2025-14762	*
L CRLF Injection	<9.2.3-r0
L Improper Certificate Validation	<9.2.2-r0
L Improper Certificate Validation	<9.2.2-r0
M Resource Exhaustion	*
H Inefficient Regular Expression Complexity	<9.2.1-r0

logstash-9.2-with-output-opensearch

Direct Vulnerabilities

Fix vulnerabilities automatically