BIT-elasticsearch-2024-52979

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2024-52979.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-elasticsearch-2024-52979
Aliases
  • CVE-2024-52979
Published
2025-05-03T05:41:02.354Z
Modified
2025-05-20T10:02:07.006Z
Summary
Elasticsearch Uncontrolled Resource Consumption vulnerability
Details

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*"
    ]
}
References

Affected packages

Bitnami / elasticsearch

Package

Name
elasticsearch
Purl
pkg:bitnami/elasticsearch

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
7.17.0
Fixed
7.17.25
Introduced
8.0.0
Fixed
8.16.0