CVE-2024-23450

Опубликовано: 27 мар. 2024

Источник: redhat

CVSS3: 4.9

Описание

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

A flaw was found in elasticsearch. Trying to process a document in a deeply nested pipeline may cause the related ingest node to crash, resulting in a Denial of Service.

Затронутые пакеты

Платформа	Пакет	Состояние
Logging Subsystem for Red Hat OpenShift	openshift-logging/fluentd-rhel8	Not affected
Logging Subsystem for Red Hat OpenShift	openshift-logging/kibana6-rhel8	Not affected
Red Hat OpenStack Platform 16.1	openstack-panko	Not affected
Red Hat OpenStack Platform 16.2	openstack-panko	Not affected
Red Hat Quay 3	quay/quay-rhel8	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=2271933elasticsearch: Possible denial of service when processing documents in a deeply nested pipeline

4.9 Medium

CVSS3

Связанные уязвимости

CVE-2024-23450

CVSS3: 4.9

ubuntu

почти 2 года назад

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

CVE-2024-23450

CVSS3: 4.9

nvd

почти 2 года назад

A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.

CVE-2024-23450

CVSS3: 4.9

debian

почти 2 года назад

A flaw was discovered in Elasticsearch, where processing a document in ...

GHSA-w5gg-2q56-6h4f

CVSS3: 4.9

github

почти 2 года назад

Elasticsearch Uncontrolled Resource Consumption vulnerability

BDU:2024-02658

CVSS3: 4.9

fstec

около 2 лет назад

Уязвимость поисковой системы Elasticsearch, связанная с неконтролируемым расходом ресурсов, позволяющая нарушителю вызвать отказ в обслуживании

4.9 Medium

CVSS3