Critical vulns in logstash docker: CVE-2022-46337, CVE-2021-26291

AdrianTT · December 5, 2023, 12:10pm

trivy reports in the logstash:8.11 docker image the following critical vulns:

CVE-2022-46337 in org.apache.derby:derby (derby-10.14.1.0.jar)
CVE-2021-26291 in org.apache.maven:maven-compat (maven-compat-3.3.9.jar), org.apache.maven:maven-core (maven-core-3.3.9.jar)

These CVEs are not listed on the security issues page.
https://www.elastic.co/community/security

There's no acknowledgment of it or recommendations for remediation. Please advise.

Badger · December 5, 2023, 5:11pm

You should enquire via email to security@elastic.co. They will not respond to a request here.

system · January 2, 2024, 5:12pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.