GHSA-6g3j-p5g6-992f
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6g3j-p5g6-992f
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-6g3j-p5g6-992f/GHSA-6g3j-p5g6-992f.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6g3j-p5g6-992f
- Published
- 2023-12-01T19:23:32Z
- Modified
- 2024-12-06T05:33:07.576853Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- OpenSearch StackOverflow vulnerability
- Details
-
Impact
A flaw was discovered in OpenSearch, affecting the
_searchAPI that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 (CVE-2023-31419).
Mitigation
Versions 1.3.14 and 2.11.1 contain a fix for this issue.
For more information
If you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to aws-security@amazon.com. Please do not create a public GitHub issue.
- Database specific
{ "nvd_published_at": null, "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-12-01T19:23:32Z" }- References
Affected packages
Maven / org.opensearch:opensearch
Package
- Name
- org.opensearch:opensearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opensearch/opensearch
Maven / org.opensearch:opensearch
Package
- Name
- org.opensearch:opensearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.opensearch/opensearch