Описание
OpenSearch is vulnerable to DoS via complex query_string inputs
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.
This issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-9624
- https://github.com/opensearch-project/OpenSearch/pull/19491
- https://fluidattacks.com/advisories/chick
- https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.4
- https://github.com/opensearch-project/OpenSearch/releases/tag/3.3.0
- https://opensearch.org/blog/explore-opensearch-3-3
Пакеты
org.opensearch:opensearch-common
>= 3.0.0, < 3.3.0
3.3.0
org.opensearch:opensearch-common
< 2.19.4
2.19.4
Связанные уязвимости
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs. This issue affects all OpenSearch versions between 3.0.0 and < 3.3.0 and OpenSearch < 2.19.4.
A vulnerability in OpenSearch allows attackers to cause Denial of Serv ...