GHSA SYNC: 2 brand new advisories

Author: jasnow

gems/logstash-event/CVE-2014-4326.yml

@@ -0,0 +1,23 @@
+---
+gem: logstash-event
+cve: 2014-4326
+ghsa: 8qhq-rq4j-8prj
+url: https://www.elastic.co/community/security
+title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
+date: 2022-05-14
+description: |
+  Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows
+  remote attackers to execute arbitrary commands via a crafted
+  event in (1) `zabbix.rb` or (2) `nagios_nsca.rb` in `outputs/`.
+cvss_v2: 7.5
+unaffected_versions:
+  - "< 1.0.14"
+patched_versions:
+  - ">= 1.4.2"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-4326
+    - https://www.elastic.co/community/security
+    - https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
+    - https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded
+    - https://github.com/advisories/GHSA-8qhq-rq4j-8prj

gems/logstash/CVE-2014-4326.yml

@@ -0,0 +1,23 @@
+---
+gem: logstash
+cve: 2014-4326
+ghsa: 8qhq-rq4j-8prj
+url: https://www.elastic.co/community/security
+title: Elasticsearch Logstash allows remote attackers to execute arbitrary commands
+date: 2022-05-14
+description: |
+  Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows
+  remote attackers to execute arbitrary commands via a crafted
+  event in (1) `zabbix.rb` or (2) `nagios_nsca.rb` in `outputs/`.
+cvss_v2: 7.5
+unaffected_versions:
+  - "< 1.0.14"
+patched_versions:
+  - ">= 1.4.2"
+related:
+  url:
+    - https://nvd.nist.gov/vuln/detail/CVE-2014-4326
+    - https://www.elastic.co/community/security
+    - https://web.archive.org/web/20140804031140/http://www.elasticsearch.org/blog/logstash-1-4-2
+    - https://web.archive.org/web/20201207013408/http://www.securityfocus.com/archive/1/532841/100/0/threaded
+    - https://github.com/advisories/GHSA-8qhq-rq4j-8prj