CVE-2021-22144
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-22144
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-22144.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2021-22144
- Aliases
- Downstream
- Published
- 2021-07-26T12:15:08Z
- Modified
- 2025-10-15T12:28:33.292624Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
- References
Affected packages
Git / github.com/elastic/elasticsearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/elastic/elasticsearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
v0.*
v0.10.0
v0.11.0
v0.12.0
v0.13.0
v0.14.0
v0.15.0
v0.16.0
v0.17.0
v0.18.0
v0.19.0
v0.19.0.RC1
v0.19.0.RC2
v0.19.0.RC3
v0.20.0.RC1
v0.4.0
v0.5.0
v0.5.1
v0.6.0
v0.7.0
v0.7.1
v0.8.0
v0.9.0
v0.90.0
v0.90.0.Beta1
v0.90.0.RC1
v0.90.0.RC2
v1.*
v1.0.0.Beta1
v1.0.0.Beta2
v1.0.0.RC1
v5.*
v5.0.0-alpha1
v5.0.0-alpha2
v5.0.0-alpha3
v5.0.0-alpha4
v5.0.0-alpha5
v6.*
v6.0.0-alpha1
v6.0.0-alpha2
v6.7.0
v6.7.1
v6.7.2
v6.8.0
v6.8.1
v6.8.10
v6.8.11
v6.8.12
v6.8.13
v6.8.14
v6.8.15
v6.8.16
v6.8.2
v6.8.3
v6.8.4
v6.8.5
v6.8.6
v6.8.7
v6.8.8
v6.8.9
Database specific
vanir_signatures
[
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
"signature_type": "Line",
"target": {
"file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"
},
"digest": {
"threshold": 0.9,
"line_hashes": [
"46306908087834685596391033629543643063",
"309639364621793396813014594316873131855",
"29128284626522818738713589723885160495",
"161871899510850400620560954403845436989",
"11189868176976358190645651809106375237",
"252283072025772185312066259196494384069",
"186764478831357170795648974055168900478",
"16834889254463775560960843331988962190",
"336340090449089775032792466573808690249",
"120694549646089050654449180204196627811",
"91447881726955768689021406281828727085",
"169835636148755964864088097702761135007",
"164818499281119662862618001252267262545",
"142654126224155807598745608946083563969",
"113745486366100676625722287093107010606",
"159318981080328462933766738409863797493",
"313525545417608629117318777636242382908",
"309751647087901041984143822284033753378",
"101508310946298798877821549722829592093",
"183220078846225271179781572169631705799"
]
},
"id": "CVE-2021-22144-094892b5"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
"signature_type": "Function",
"target": {
"function": "Grok",
"file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"
},
"digest": {
"function_hash": "78606588141394941292377601035551429948",
"length": 511.0
},
"id": "CVE-2021-22144-729625b6"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
"signature_type": "Function",
"target": {
"function": "forbidCircularReferences",
"file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"
},
"digest": {
"function_hash": "314977716389471019717029041633733458541",
"length": 338.0
},
"id": "CVE-2021-22144-743d25e2"
},
{
"signature_version": "v1",
"deprecated": false,
"source": "https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82",
"signature_type": "Function",
"target": {
"function": "innerForbidCircularReferences",
"file": "libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"
},
"digest": {
"function_hash": "331130921924370190697642416796273392643",
"length": 1164.0
},
"id": "CVE-2021-22144-e1f0827d"
}
]