CVE-2016-1000222
HIGHLogstash <2.1.2 - Info Disclosure
Title source: llmDescription
Logstash prior to version 2.1.2, the CSV output can be attacked via engineered input that will create malicious formulas in the CSV data.
References (1)
Scores
CVSS v3
7.5
EPSS
0.0035
EPSS Percentile
57.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Classification
CWE
CWE-88
Status
draft
Affected Products (1)
elastic/logstash
< 2.1.1
Timeline
Published
Jun 16, 2017
Tracked Since
Feb 18, 2026