GHSA-8699-m855-cwqf
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8699-m855-cwqf
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8699-m855-cwqf/GHSA-8699-m855-cwqf.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8699-m855-cwqf
- Aliases
-
- CVE-2014-6439
- Published
- 2022-05-14T02:51:14Z
- Modified
- 2024-12-04T05:41:40.273745Z
- Summary
- Cross-site scripting in Elasticsearch
- Details
-
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- Database specific
{ "nvd_published_at": "2014-10-10T01:55:00Z", "cwe_ids": [ "CWE-79" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2022-11-03T21:07:52Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2014-6439
- https://www.elastic.co/community/security
- http://packetstormsecurity.com/files/128556/Elasticsearch-1.3.x-CORS-Issue.html
- http://www.elasticsearch.org/blog/elasticsearch-1-4-0-beta-released
- http://www.securityfocus.com/archive/1/533602/100/0/threaded
- http://www.securityfocus.com/bid/70233
Affected packages
Maven / org.elasticsearch:elasticsearch
Package
- Name
- org.elasticsearch:elasticsearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch/elasticsearch
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.0.Beta1
Affected versions
0.*
0.6.0
0.7.0
0.7.1
0.8.0
0.9.0
0.10.0
0.11.0
0.12.0
0.12.1
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.17.8
0.17.9
0.17.10
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.19.0.RC1
0.19.0.RC2
0.19.0.RC3
0.19.0
0.19.1
0.19.2
0.19.3
0.19.4
0.19.5
0.19.6
0.19.7
0.19.8
0.19.9
0.19.10
0.19.11
0.19.12
0.20.0.RC1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.20.6
0.90.0.Beta1
0.90.0.RC1
0.90.0.RC2
0.90.0
0.90.1
0.90.2
0.90.3
0.90.4
0.90.5
0.90.6
0.90.7
0.90.8
0.90.9
0.90.10
0.90.11
0.90.12
0.90.13
1.*
1.0.0.Beta1
1.0.0.Beta2
1.0.0.RC1
1.0.0.RC2
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9