GHSA-qwrx-45xf-jjf7

Published: 26 Oct 2023
Source: github
Github: Reviewed
CVSS3: 6.5

Description

Elasticsearch vulnerable to stack overflow in the search API

A flaw was discovered in Elasticsearch affecting the _search API that allowed a specially crafted query string to cause a stack overflow and ultimately a denial of service.

Packages

Name: org.elasticsearch:elasticsearch (maven)
Affected versions: >= 7.0.0, < 7.17.13
Fixed version: 7.17.13

Name: org.elasticsearch:elasticsearch (maven)
Affected versions: >= 8.0.0, < 8.9.1
Fixed version: 8.9.1

EPSS

Percentile: 95%
0.19041
Medium

CVSS3: 6.5 Medium

Weaknesses

CWE-121
CWE-787

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 2 years ago

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

CVSS3: 7.5
redhat
more than 2 years ago

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

CVSS3: 6.5
nvd
more than 2 years ago

A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

CVSS3: 6.5
debian
more than 2 years ago

A flaw was discovered in Elasticsearch, affecting the _search API that ...

CVSS3: 6.5
fstec
more than 2 years ago

Vulnerability in the _search API component of the Elasticsearch search engine that allows an attacker to cause a denial of service
