Logstash CSV Output Vulnerability - CVE pending


Logstash 2.2 and prior versions are vulnerable to a formula based injection, when using the CSV output plugin. This plugin allows users to export data in comma separated values and is susceptible to an attack if the values contained a spreadsheet formula. This vulnerability is not present in the initial installation of Logstash.

Fixed versions:

Version 2.2.0 and 2.1.2 has been patched with a fix that addresses this vulnerability.


Users that currently use Logstash CSV output plugin or may want to use it in the future should upgrade to 2.2.0 or 2.1.2.

Users that do not want to upgrade can address the vulnerability by not using CSV output plugin in their configuration.

We have asked for a CVE number and will update our security announcement webpage with details as soon as we receive it.


Shahmeer Baloch from Maads Security organization discovered this issue.