CVE-2023-46673

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-46673

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-46673.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-46673

Aliases

BIT-elasticsearch-2023-46673
GHSA-285m-vhfq-xx4h

Related

UBUNTU-CVE-2023-46673

Published

2023-11-22T10:15:08Z

Modified

2025-02-18T20:43:37Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

References

https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
https://www.elastic.co/community/security

Affected packages

Git / github.com/elastic/elasticsearch

Affected ranges

Type: GIT
Repo: https://github.com/elastic/elasticsearch
Events: Introduced

b7e28a7232616c7a21bc879a535d801b8553ba77

Fixed

774e3bfa4d52e2834e4d9d8d669d77e4e5c1017f