GHSA-qwrx-45xf-jjf7
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qwrx-45xf-jjf7
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/10/GHSA-qwrx-45xf-jjf7/GHSA-qwrx-45xf-jjf7.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-qwrx-45xf-jjf7
- Aliases
- Published
- 2023-10-26T18:30:23Z
- Modified
- 2024-02-22T05:34:21.779794Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Elasticsearch vulnerable to stack overflow in the search API
- Details
-
A flaw was discovered in Elasticsearch affecting the
_searchAPI that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service. - Database specific
{ "severity": "MODERATE", "nvd_published_at": "2023-10-26T18:15:08Z", "github_reviewed_at": "2023-10-30T15:15:50Z", "github_reviewed": true, "cwe_ids": [ "CWE-121", "CWE-787" ] }- References
Affected packages
Maven / org.elasticsearch:elasticsearch
Package
- Name
- org.elasticsearch:elasticsearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch/elasticsearch
Affected versions
7.*
7.0.0
7.0.1
7.1.0
7.1.1
7.2.0
7.2.1
7.3.0
7.3.1
7.3.2
7.4.0
7.4.1
7.4.2
7.5.0
7.5.1
7.5.2
7.6.0
7.6.1
7.6.2
7.7.0
7.7.1
7.8.0
7.8.1
7.9.0
7.9.1
7.9.2
7.9.3
7.10.0
7.10.1
7.10.2
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.13.0
7.13.1
7.13.2
7.13.3
7.13.4
7.14.0
7.14.1
7.14.2
7.15.0
7.15.1
7.15.2
7.16.0
7.16.1
7.16.2
7.16.3
7.17.0
7.17.1
7.17.2
7.17.3
7.17.4
7.17.5
7.17.6
7.17.7
7.17.8
7.17.9
7.17.10
7.17.11
7.17.12
Maven / org.elasticsearch:elasticsearch
Package
- Name
- org.elasticsearch:elasticsearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch/elasticsearch