BIT-elasticsearch-2024-23449

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2024-23449.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-elasticsearch-2024-23449

Aliases

CVE-2024-23449
GHSA-pw39-f3m5-cxfc

Published

2024-05-14T07:17:25.293Z

Modified

2024-07-18T07:56:34.499Z

Summary

[none]

Details

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.

Database specific

{
    "cpes": [
        "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*"
    ],
    "severity": "Medium"
}

References

https://discuss.elastic.co/t/elasticsearch-8-11-1-security-update-esa-2024-05/356458

Affected packages

Bitnami / elasticsearch

Package

Name: elasticsearch
Purl: pkg:bitnami/elasticsearch

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

8.4.0

Fixed

8.11.1