GHSA-w5gg-2q56-6h4f

Source

https://github.com/advisories/GHSA-w5gg-2q56-6h4f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/03/GHSA-w5gg-2q56-6h4f/GHSA-w5gg-2q56-6h4f.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-w5gg-2q56-6h4f

Aliases

BIT-elasticsearch-2024-23450
CVE-2024-23450

Related

Published

2024-03-27T18:32:38Z

Modified

2024-06-10T18:53:34.943896Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Elasticsearch Uncontrolled Resource Consumption vulnerability

Details

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

Database specific

{
    "nvd_published_at": "2024-03-27T17:15:53Z",
    "cwe_ids": [
        "CWE-400"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-27T21:56:08Z"
}

References

Affected packages

Maven / org.elasticsearch:elasticsearch

Package

Name: org.elasticsearch:elasticsearch; View open source insights on deps.dev
Purl: pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type: ECOSYSTEM
Events: Introduced

7.0.0

Fixed

7.17.19

Affected versions

7.*

7.0.0

7.0.1

7.1.0

7.1.1

7.2.0

7.2.1

7.3.0

7.3.1

7.3.2

7.4.0

7.4.1

7.4.2

7.5.0

7.5.1

7.5.2

7.6.0

7.6.1

7.6.2

7.7.0

7.7.1

7.8.0

7.8.1

7.9.0

7.9.1

7.9.2

7.9.3

7.10.0

7.10.1

7.10.2

7.11.0

7.11.1

7.11.2

7.12.0

7.12.1

7.13.0

7.13.1

7.13.2

7.13.3

7.13.4

7.14.0

7.14.1

7.14.2

7.15.0

7.15.1

7.15.2

7.16.0

7.16.1

7.16.2

7.16.3

7.17.0

7.17.1

7.17.2

7.17.3

7.17.4

7.17.5

7.17.6

7.17.7

7.17.8

7.17.9

7.17.10

7.17.11

7.17.12

7.17.13

7.17.14

7.17.15

7.17.16

7.17.17

7.17.18

Maven / org.elasticsearch:elasticsearch

Package

Name: org.elasticsearch:elasticsearch; View open source insights on deps.dev
Purl: pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type: ECOSYSTEM
Events: Introduced

8.0.0

Fixed

8.13.0

Affected versions

8.*

8.0.0

8.0.1

8.1.0

8.1.1

8.1.2

8.1.3

8.2.0

8.2.1

8.2.2

8.2.3

8.3.0

8.3.1

8.3.2

8.3.3

8.4.0

8.4.1

8.4.2

8.4.3

8.5.0

8.5.1

8.5.2

8.5.3

8.6.0

8.6.1

8.6.2

8.7.0

8.7.1

8.8.0

8.8.1

8.8.2

8.9.0

8.9.1

8.9.2

8.10.0

8.10.1

8.10.2

8.10.3

8.10.4

8.11.0

8.11.1

8.11.2

8.11.3

8.11.4

8.12.0

8.12.1

8.12.2