elastic-apm

PyPI2 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting elastic-apmpage 1 of 1

CVE-2019-7617HIGHCVSS 7.2EG 7.2✓ Fixed in 5.1.0
2019-08-22
vulnerable: 1.0.0 ... 5.0.0 (26 versions)
When the Elastic APM agent for Python versions before 5.1.0 is run as a CGI script, there is a variable name clash flaw if a remote attacker can control the proxy header. This could result in an attacker redirecting collected APM data to a…
CVE-2021-37941HIGHCVSS 7.8EG 7.8✓ Fixed in 1.27.0
2021-12-08
A local privilege escalation issue was found with the APM Java agent, where a user on the system could attach a malicious file to an application running with the APM Java agent. Using this vector, a malicious or compromised user account co…

Check whether elastic-apm is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for elastic-apm CVEs against the assets you own.

Start Free Scan →