CVE-2019-7620

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
30/10/2019
Last modified:
09/10/2020

Description

Logstash versions before 7.4.1 and 6.8.4 contain a denial of service flaw in the Logstash Beats input plugin. An unauthenticated user who is able to connect to the port the Logstash beats input could send a specially crafted network packet that would cause Logstash to stop responding.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:* 6.0.0 (including) 6.8.4 (excluding)
cpe:2.3:a:elastic:logstash:*:*:*:*:*:*:*:* 7.0.0 (including) 7.4.1 (excluding)