Arbitrary Code Execution
Description

Graylog is vulnerable to Arbitrary Code Execution. The vulnerability is due to a lack of class validation, which allows an attacker to send an HTTP PUT request to the /api/system/cluster_config/ endpoint that results in the loading of arbitrary classes. This issue can be exploited by an attacker to execute arbitrary…
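
One way to look for the request pattern described above in reverse-proxy access logs, added here as an example and not taken from Graylog or from this advisory: it flags PUT requests to /api/system/cluster_config/ that name a class outside an operator-supplied allowlist. It assumes the class name is the path segment after the endpoint and that logs are in common/combined format; the class names and log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: the class name is the path segment after the endpoint prefix.
ENDPOINT = "/api/system/cluster_config/"

# Hypothetical allowlist: replace with the config classes your deployment
# actually writes (the names below are constructed placeholders).
EXPECTED_CLASSES = {
    "org.example.graylog.SearchesClusterConfig",
    "org.example.graylog.IndexSetsDefaultConfiguration",
}

# Common/combined access-log format as written by nginx or Apache.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_suspicious_puts(lines, expected=EXPECTED_CLASSES):
    """Return PUTs to the cluster_config endpoint naming an unexpected class."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "PUT":
            continue
        # Drop the query string, then decode percent-encoding before matching.
        path = unquote(m["target"].split("?", 1)[0])
        if not path.startswith(ENDPOINT):
            continue
        cls = path[len(ENDPOINT):].strip("/")
        if cls not in expected:
            hits.append({"ip": m["ip"], "user": m["user"], "time": m["ts"],
                         "class": cls, "status": int(m["status"])})
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - admin [12/Feb/2024:10:01:02 +0000] "PUT /api/system/cluster_config/org.example.graylog.SearchesClusterConfig HTTP/1.1" 202 0',
    '192.0.2.10 - admin [12/Feb/2024:10:01:05 +0000] "GET /api/system/cluster_config/ HTTP/1.1" 200 512',
    '198.51.100.7 - svc [12/Feb/2024:10:03:44 +0000] "PUT /api/system/cluster_config/com.example.unexpected.Widget HTTP/1.1" 500 87',
    '198.51.100.7 - svc [12/Feb/2024:10:03:50 +0000] "PUT /api/system/cluster_config/com.example%2Eother.Thing?pretty=true HTTP/1.1" 202 0',
]

if __name__ == "__main__":
    for hit in find_suspicious_puts(SAMPLE_LOG):
        print(hit)
```

Each hit carries the source address, authenticated user, timestamp and response status, so unexpected class names can be triaged against who sent them and whether the server accepted the request.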
