CVE-2021-37941
- EPSS 0.03%
- Published 08.12.2021 22:15:08
- Last modified 21.11.2024 06:16:07
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account could use the...
CVE-2021-22133
- EPSS 0.07%
- Published 10.02.2021 19:15:12
- Last modified 21.11.2024 05:49:34
The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to...
CVE-2019-7617
- EPSS 0.21%
- Published 22.08.2019 17:15:10
- Last modified 21.11.2024 04:48:24
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a proxy of t...