BIT-elasticsearch-2024-52979

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2024-52979.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-elasticsearch-2024-52979

Aliases

Published

2025-05-03T05:41:02.354Z

Modified

2025-10-03T09:07:39.166Z

Summary

Elasticsearch Uncontrolled Resource Consumption vulnerability

Details

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

Database specific

{
    "severity": "High",
    "cpes": [
        "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:maven:*:*"
    ]
}

References

Affected packages

Bitnami / elasticsearch

Package

Name: elasticsearch
Purl: pkg:bitnami/elasticsearch

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

7.17.0

Fixed

7.17.25

Introduced

8.0.0

Fixed

8.16.0

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/elasticsearch/BIT-elasticsearch-2024-52979.json"