CVE-2022-41917
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-41917
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-41917.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-41917
- Aliases
-
- GHSA-w3rx-m34v-wrqx
- Published
- 2022-11-15T00:00:00Z
- Modified
- 2025-11-17T06:33:10.637192Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- Incorrect Error Handling Allowed Partial File Reads Over REST API in OpenSearch
- Details
-
OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a response containing the first line of text from arbitrary files. The list of potentially impacted files is limited to text files with read permissions allowed in the Java Security Manager policy configuration. OpenSearch version 1.3.7 and 2.4.0 contain a fix for this issue. Users are advised to upgrade. There are no known workarounds for this issue.
- Database specific
{ "cwe_ids": [ "CWE-200" ] }- References
Affected packages
Git
github.com/opensearch-project/anomaly-detection
Database specific
vanir_signatures
[
{
"source": "https://github.com/opensearch-project/anomaly-detection/commit/8e430e3b0696b3ae24a21eac953e870d935f5226",
"target": {
"file": "src/test/java/org/opensearch/ad/e2e/DetectionResultEvalutationIT.java"
},
"id": "CVE-2022-41917-e7d96ad0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"74999161607339369302246486548722013515",
"331654741017039618897214737826080373175",
"242400699683402521130385429679470978515",
"14288849670986151895276425634239014606",
"48293227543804605485749147679819442287",
"233564884399080233060973457834074608021",
"198658597595291339366835687978977130701",
"134069994519578208471988178467839830807",
"14691847253493116405349887254614938751",
"193326693561257596907395285748170354967",
"286696334717236037067817516725650375639",
"187446307405698346313631927133908820728",
"275923403730748353668797899065846350830",
"144868421321935859159718940492258168481"
]
}
},
{
"source": "https://github.com/opensearch-project/anomaly-detection/commit/8e430e3b0696b3ae24a21eac953e870d935f5226",
"target": {
"function": "testValidationWindowDelayRecommendation",
"file": "src/test/java/org/opensearch/ad/e2e/DetectionResultEvalutationIT.java"
},
"id": "CVE-2022-41917-e7efffae",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 1389.0,
"function_hash": "205572322480542887554609209692216585020"
}
}
]
github.com/opensearch-project/opensearch
Affected ranges
- Type
- GIT
- Repo
- https://github.com/opensearch-project/opensearch
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Database specific
vanir_signatures
[
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "StemmerOverrideTokenFilterFactory",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/StemmerOverrideTokenFilterFactory.java"
},
"id": "CVE-2022-41917-05d9bd6d",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 417.0,
"function_hash": "176974878022512646138680582436915705296"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "parseRules",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/MappingCharFilterFactory.java"
},
"id": "CVE-2022-41917-09cbd489",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 494.0,
"function_hash": "234655534862586210842182174774161389895"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getWordList",
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-0e9ff584",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 799.0,
"function_hash": "88126634126320620157864488098999118765"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testDicWithTwoAffs",
"file": "server/src/test/java/org/opensearch/indices/analyze/HunspellServiceTests.java"
},
"id": "CVE-2022-41917-116240ff",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 610.0,
"function_hash": "247457051934937661305705281559170062755"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-nori/src/main/java/org/opensearch/index/analysis/NoriTokenizerFactory.java"
},
"id": "CVE-2022-41917-19116d78",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"111342965222190887246398360631534306301",
"314213417521411404117177557308137211289",
"94106936272375101136004676589287573319",
"231901020282913530368277983952291463318",
"142180796652682541941126198183161634853",
"127519493833669553035969477326873581492",
"162865617468730359127434515065866103672",
"287509750964337186302990266155937830463",
"49210167236648198140836014473033784339",
"3708795397449316613827980399117983365",
"91870396507055745819552458070975730980",
"47729377726454324996260270189455883226",
"236118697461949034406252871206326730742"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/test/java/org/opensearch/analysis/common/StemmerOverrideTokenFilterFactoryTests.java"
},
"id": "CVE-2022-41917-22e0c3ac",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"238245906509329349723715603839852603215",
"17028230288346072987925560726285924699",
"240424514732131381437143796403160248499",
"160903698682844821695177855773641199176",
"124855058070437399375106606500670744982",
"154899492960376457290749091473041394819",
"257191719086897248346711333584707187684",
"253644864609314941455621252531079816327",
"89513911908704162676994613115481800290",
"29482078929401174161431494380169684750",
"215386148324369482393782202969698619728",
"192378398424795873591350786179492768348",
"40430807232335271833546887053579071233",
"334901991776092909769489948295498505946"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testParseFalseEncodedFile",
"file": "server/src/test/java/org/opensearch/index/analysis/AnalysisTests.java"
},
"id": "CVE-2022-41917-28882074",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 879.0,
"function_hash": "115855828352139779029742346715749052541"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getReaderFromFile",
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-3a9154a5",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 713.0,
"function_hash": "120945670448460790037195865160739786898"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getUserDictionary",
"file": "plugins/analysis-nori/src/main/java/org/opensearch/index/analysis/NoriTokenizerFactory.java"
},
"id": "CVE-2022-41917-3b720938",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 800.0,
"function_hash": "171957943375556149250508895480292170947"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testParseWordList",
"file": "server/src/test/java/org/opensearch/index/analysis/AnalysisTests.java"
},
"id": "CVE-2022-41917-3dae37b8",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 640.0,
"function_hash": "290153847048291691121939207496437242561"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "server/src/test/java/org/opensearch/index/analysis/AnalysisTests.java"
},
"id": "CVE-2022-41917-451788d9",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"37061934387948239366692544719229096534",
"127612487483791813091991089876235373158",
"36321218648973790745587000600036981490",
"109735325103922640500952539800260588793",
"298683285382112321220902922421163838972",
"240538298066663835178827037313565865845",
"302531972851800373487841946150445044118",
"131086110612677416770604764193390665887",
"12062320110023806207747479491905466836",
"123455177284972247484902489288137370960",
"183853878965393024253430573682149572872",
"161242952588842604247650657762916286426",
"143970754438833278316735303869965328868",
"47566037716771651447136543167737028235",
"323847966207640075598835552391836471538",
"22085988022948594145128110141525536879",
"14328548511314622699303219089354309388",
"165602267832144671046779749087407243225",
"329496666953436727049301276913781823715",
"203231898793199149841494574283984812821",
"315647487975222571426383376883320167592",
"161242952588842604247650657762916286426",
"143970754438833278316735303869965328868",
"157876672630112024051573293995766650108",
"120693751829003984136755719797054131840",
"189102433056183040316828391935494322964",
"122264963247253988297646500274278089542",
"72356859065838406558285496245082700409",
"195665498930467882486035715066031425588",
"268800007147529371213368512355538191778",
"300078071677405415754812732618047365433",
"261759022143432737711798818070548008091",
"281675560381097858825013703378804411489",
"4637478246387709906002580227878726881",
"46176199648260566777763042262214016383",
"304436143772479784620097084860578271698",
"220384884766955898753250613997706945438",
"236729849018724244947664421848115481538",
"98883658541032263843725713891809812321",
"35499668853966470104479542735550005340"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getRulesFromSettings",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/SynonymTokenFilterFactory.java"
},
"id": "CVE-2022-41917-541a2634",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 590.0,
"function_hash": "203160682539939050573782427771993108387"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "server/src/main/java/org/opensearch/indices/analysis/HunspellService.java"
},
"id": "CVE-2022-41917-54f08af0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"157469229249374175865480222349086865220",
"324227736695134123109138603874363705876",
"101539224635223024825307862886711495013",
"270995387001976666137375923305495243275"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/HyphenationCompoundWordTokenFilterFactory.java"
},
"id": "CVE-2022-41917-57d6ebe2",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244091166324835402730626674766471783718",
"15956693130578657517637951636896435362",
"277096904657760799872276582338572885934",
"169700062384514619006738139820813612897",
"316973969822417361830246948232985561303",
"289180307723053066888534871769675104521",
"64704788727943400286202823540335161605",
"247574435979821841357687870733583526485",
"254651168105996676658143053295484550090",
"227091858776666336804583974928977129042",
"255910788080936418650856752325365016718",
"10360570338240430743708066078273171880",
"139103498292068076312022285680664235446",
"120141493076481547090857358779093233831",
"237124543231066675957446425160032440226",
"308990146627254914227364106022038418452"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-icu/src/main/java/org/opensearch/index/analysis/IcuCollationTokenFilterFactory.java"
},
"id": "CVE-2022-41917-6ccc4935",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"8637334676429114486231407934531552607",
"79954923989083911961445750088139159465",
"213556183044757006704974324218023505887",
"117633853393980035345904820498679744693",
"98691972171068332028298947727843974787",
"37359668462590302089479088823781144199",
"132296967848889975035524774563608944213",
"162883695896715380259195678011393960054",
"155223959041936722886775148849879939459"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "HunspellService",
"file": "server/src/main/java/org/opensearch/indices/analysis/HunspellService.java"
},
"id": "CVE-2022-41917-7069b718",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 536.0,
"function_hash": "163980734433690175285726516877682400046"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "IcuCollationTokenFilterFactory",
"file": "plugins/analysis-icu/src/main/java/org/opensearch/index/analysis/IcuCollationTokenFilterFactory.java"
},
"id": "CVE-2022-41917-711b2069",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 2934.0,
"function_hash": "325494187407901681186669351684813770066"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/test/java/org/opensearch/analysis/common/SynonymsAnalysisTests.java"
},
"id": "CVE-2022-41917-7eceb2f5",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"238110053788725186697119382936745661564",
"17300697542861091699654502090529740781",
"54840397292105703219957501400086540123",
"76027113146976557928260435841363220175",
"238110053788725186697119382936745661564",
"17300697542861091699654502090529740781",
"54840397292105703219957501400086540123",
"210647803597361337385288974375727318924"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "parseTypes",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/WordDelimiterTokenFilterFactory.java"
},
"id": "CVE-2022-41917-810cd39f",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 1006.0,
"function_hash": "270836075558753518365152013180943528273"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/WordDelimiterTokenFilterFactory.java"
},
"id": "CVE-2022-41917-8a03181e",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318585765218046772063895977455970478002",
"91872981651639375710132422364773390418",
"171718711303146851909307777894282944715",
"295657836886718122990247612433269563922",
"315048917449121983361318385149163243196",
"99366308205554515514950198824610075056",
"64913146282092442741085040720672439963",
"86547588149424788970287961051867558946",
"29788355403474697953800707495961338892",
"214843591462688544502050119427480421499",
"162114699226006645023721870117187065478",
"522801432230570628533889458668094639",
"164703306226308999267278302480693223661",
"236964105288140278168152392302847049126",
"195931617870192447420942566492261615483",
"99357932783270092900857949857048295563",
"142948989365586264067257903933526014006",
"675976327017233430198593901801508769",
"123368313519561905857170691573816339993",
"203717848879959621783603830316651910960",
"251153800209764319864815589809567946762"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "WordDelimiterGraphTokenFilterFactory",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/WordDelimiterGraphTokenFilterFactory.java"
},
"id": "CVE-2022-41917-8a7ecdf9",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 1354.0,
"function_hash": "6172203570953011563483331214116991475"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getWordSet",
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-9a1aaf75",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 240.0,
"function_hash": "317354141074329335650305282285759968709"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-nori/src/main/java/org/opensearch/index/analysis/NoriPartOfSpeechStopFilterFactory.java"
},
"id": "CVE-2022-41917-9a34bb31",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"66629474912797236913588760000762272900",
"226798559644508562663430713761377270021",
"161839223962818366487362154104748824790",
"160274042227712890937659836363791240195"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-kuromoji/src/main/java/org/opensearch/index/analysis/KuromojiTokenizerFactory.java"
},
"id": "CVE-2022-41917-a272a5ad",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"181228663489364133139766858114643120042",
"120607061120944406346174195761203226835",
"220893351690889252686119182032197233984",
"147514276779541550004423516361450761647",
"286327392011281438875947815267927543967",
"252379884439394779079312749964476235500",
"252083029616742640765624727568460147549",
"309330372637873811250998862772112354067",
"198549328882045431417545853394385933717",
"91323175900703052245874480459199492941",
"4266294739694417502314214728029823242",
"123808261289335586862046293089276600383",
"240830173321853121555135313806480264278",
"152530094272200065833547788212772672479",
"237757907165532832009739452121569225929",
"89005493540686198119675041011033458396",
"199440673260883539461782224826673336263",
"238763402527332673544259267894829134303",
"330860716400862088197870346252363622262",
"69941013223447139940546021431662982399",
"64919272567014620794142540440118277440",
"325454549259419460308664519350035465772",
"164257297216251291884124531689506872016",
"157185595051339224055634012853274499823",
"169587942620414669881449215721232269507",
"122405557187669108552953812622837900902",
"64025113360216334112307550789518996255",
"7235158341129684747106987788822314915",
"71131065915106142768883598879945683497",
"88664307501058579781955146348592336599",
"259037845592660136237549331832276205043",
"7811168865606985719952102379508051271",
"123868506490275152075557038378270357512",
"311522163058794236928516589728765190085"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testParseNonExistingFile",
"file": "server/src/test/java/org/opensearch/index/analysis/AnalysisTests.java"
},
"id": "CVE-2022-41917-a35fc3b5",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 620.0,
"function_hash": "41170949502944265780084601630085610458"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getWordList",
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-a3acdf2a",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 131.0,
"function_hash": "335270822789775272669757556458159253031"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testKuromojiAnalyzerDuplicateUserDictRule",
"file": "plugins/analysis-kuromoji/src/test/java/org/opensearch/index/analysis/KuromojiAnalysisTests.java"
},
"id": "CVE-2022-41917-b0e2a3bc",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 488.0,
"function_hash": "264427143854636905545408192196460743964"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/test/java/org/opensearch/analysis/common/BaseWordDelimiterTokenFilterFactoryTestCase.java"
},
"id": "CVE-2022-41917-b370635b",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"222130018292434616747258910815314766206",
"195883867379742098617099476502653007002"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "buildSynonyms",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/SynonymTokenFilterFactory.java"
},
"id": "CVE-2022-41917-b55af76a",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 420.0,
"function_hash": "234517958295187873297119733708754863503"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "parseWords",
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-bc48a228",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 437.0,
"function_hash": "85344683432013631753191143608827551910"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "server/src/test/java/org/opensearch/indices/analysis/AnalysisModuleTests.java"
},
"id": "CVE-2022-41917-bc4954a2",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"257998577119683662836810621513159420317",
"36877271394219086506199677989276982001",
"262813357812124768301477651457934553161",
"81956772421419855772165199603672741799",
"68220824843538881297650765327994747017",
"51711104919855979117160388914218313723",
"17698065129891418664643591170613955965",
"229725106370564251210560804559804659959",
"145245705559270952171803431132387768613",
"151976283975813982836448346494390833489",
"160789155037978241014427571389817589488",
"18535596033112031668234058399477940947"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/WordDelimiterGraphTokenFilterFactory.java"
},
"id": "CVE-2022-41917-c01d2597",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318585765218046772063895977455970478002",
"91872981651639375710132422364773390418",
"53616515670617784803198560225645815189",
"195311782735850586176572569457280811293",
"34653006751624497139418927519534784465",
"315388508877765426681873712126295281728",
"64913146282092442741085040720672439963",
"86547588149424788970287961051867558946"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "WordDelimiterTokenFilterFactory",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/WordDelimiterTokenFilterFactory.java"
},
"id": "CVE-2022-41917-c12d02af",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 1210.0,
"function_hash": "181574555054423950980053085945659057545"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-nori/src/main/java/org/opensearch/index/analysis/NoriAnalyzerProvider.java"
},
"id": "CVE-2022-41917-c361b8e4",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"327670762231415246545252567493607876720",
"268874903052782436631582438603893547713",
"4348251768172488732195572753444720174",
"164753280413885813928531572971674173791"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "server/src/test/java/org/opensearch/indices/analyze/HunspellServiceTests.java"
},
"id": "CVE-2022-41917-ca9d9cea",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"244538917492839626145666165830901884934",
"125346376276314126712025849486967206346",
"10968483560346819309373249400631244351",
"276251671523065973409431968296835060734",
"144679960663738164105022352237423498794",
"63320660257884002280647035681423017439",
"84212914011047468447059225150499919912",
"196297553384945404930699307003145732867",
"51291681077109089607630147501560797959",
"113222302783786320452175332009138523226",
"264893569489192044943487278310438290573",
"98570773932584790335170968376806370523",
"215572134523653525335688979511016078700",
"178778556961898020605780413363282304684",
"270517651089676730044078639717234601525",
"86599147180136192752300383940536104569"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "MappingCharFilterFactory",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/MappingCharFilterFactory.java"
},
"id": "CVE-2022-41917-cc387bac",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 366.0,
"function_hash": "10291138079876447668285408730049818939"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testDicWithNoAff",
"file": "server/src/test/java/org/opensearch/indices/analyze/HunspellServiceTests.java"
},
"id": "CVE-2022-41917-cc3d16df",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 607.0,
"function_hash": "181194592656370600420534244871696967353"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testRuleError",
"file": "modules/analysis-common/src/test/java/org/opensearch/analysis/common/StemmerOverrideTokenFilterFactoryTests.java"
},
"id": "CVE-2022-41917-cca2998f",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 277.0,
"function_hash": "194785354979849287922758716804332119705"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "testWordListPath",
"file": "server/src/test/java/org/opensearch/indices/analysis/AnalysisModuleTests.java"
},
"id": "CVE-2022-41917-ccf1c294",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 638.0,
"function_hash": "140870604249774573514590178314297760342"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-kuromoji/src/main/java/org/opensearch/index/analysis/KuromojiPartOfSpeechFilterFactory.java"
},
"id": "CVE-2022-41917-d2678474",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"196016838179657315346454422535464230920",
"108837239804918932961168505398978666613",
"170362648760777844431247065530928839405",
"252365428599797932584215858621561136198"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/StemmerOverrideTokenFilterFactory.java"
},
"id": "CVE-2022-41917-d3f9be8a",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"318585765218046772063895977455970478002",
"47673691033201663307914067342749177121",
"334932541511870558722058879402902228641",
"307558206968203846931340867633368370050",
"306220774464390874056220684343678952395",
"182298979154352079037078441763813289889",
"92522943732717609344677234464623416095",
"265100503220412397374177615850489260881",
"97863098512434523615195173217684649690",
"157213737198038044825059719249943216784",
"178076066850434167463438797574098000301",
"231515088336970329400159570789460343141",
"112830996870952550358645315179722976526",
"5782020496576311551152483876650393859",
"124487769697743828694133343200819768764",
"127151055475433539532177784235635730808",
"560705575978279861748595800583303656",
"240122408266847761345614933354447936305",
"167380983541086996074551202776460941020",
"126184081738669766090750882388233775803",
"278412337723475050986623664072274514378",
"288330389190911571996404591411074414939",
"110084707188449532859507421142655845817",
"256431301565447499710513332339085774517",
"275012718598147976304242083324984171349",
"59786142146716680571099249681910721741",
"9921638432498286661913042690109130495",
"93627358200757229398886298472967109655",
"304898491023932109615166868592824437691",
"134984217934682190305622294275005520399",
"197027687349788482828725994467591513283",
"325724182295433926671700333201862438377",
"304603025378801466386963859914725225726",
"56911010350691471892011444783052574684",
"169316340638024193806150459093207412333",
"158994156285789033616271692636027456356",
"108587633537507210242609878158511307392"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "getUserDictionary",
"file": "plugins/analysis-kuromoji/src/main/java/org/opensearch/index/analysis/KuromojiTokenizerFactory.java"
},
"id": "CVE-2022-41917-d50d1315",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 1105.0,
"function_hash": "243291135274801034348156805059726498849"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "NoriPartOfSpeechStopFilterFactory",
"file": "plugins/analysis-nori/src/main/java/org/opensearch/index/analysis/NoriPartOfSpeechStopFilterFactory.java"
},
"id": "CVE-2022-41917-d8f3ad35",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 271.0,
"function_hash": "5435587212410307244151779399305191658"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "parseRules",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/StemmerOverrideTokenFilterFactory.java"
},
"id": "CVE-2022-41917-db72441f",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 638.0,
"function_hash": "287782956828317165168223137021813033941"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "generateWordList",
"file": "server/src/test/java/org/opensearch/indices/analysis/AnalysisModuleTests.java"
},
"id": "CVE-2022-41917-dbb6b02a",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 298.0,
"function_hash": "291738432609685861645254956810730266200"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "loadWordList",
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-e3279d83",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 429.0,
"function_hash": "119643372986481659262220042905635960664"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "server/src/main/java/org/opensearch/index/analysis/Analysis.java"
},
"id": "CVE-2022-41917-e4268a52",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"80362560046818817681976211717162525790",
"179043312201370583531369149258621898823",
"294572179272897995055765395345343224895",
"33545480893440720403699933128132167102",
"47043733513439369906111940074382557248",
"317907130767011211755637535858996435332",
"228035554644810353351212160490500965417",
"222768351409467824729152925178026746845",
"56527219905721122310448821141510822572",
"62456283456865633219639985509781561693",
"285082093058850567881433821628692488298",
"112455153530915588699157285789934661388",
"330636167701810382609793870206048025720",
"255472994429035547880491036875470781114",
"326771805047655648356538866452546274007",
"126356250259452193646645474302815057492",
"13611692881289214999827533718223943476",
"239137122963872642311529913524015502079",
"249696007418127881329173956060967260796",
"318205029799773837551534496359426031489",
"22697795473482504068321346859638317096",
"175935889108291852289834544734445941059",
"217613715393096293330379136028726144884",
"143174567773678891966693597178007589271",
"307801456391434816924602023775579986979",
"154273051110214248392384652016503944477",
"14942876433603290327637323884582609627",
"86940383469074757299745244828289098987",
"73445282524809989291347497624625382154",
"28078600928958604671578016941475443278",
"34135998326826544494875022079776366570",
"196171420090262790578027730187058865426",
"333410001624349834884369018742485436583",
"311400887724936962611674412533525669875",
"80730730399221896277464096818996899688",
"259940654510208893232212236585313983243",
"195265833533008725661641545211370660847",
"49525932101581162411130806103079238843",
"333694982964705384959138074041970380968",
"279261399421818503020438463907285961229",
"195364417162771409361242683070962135291",
"233906325713435133129668291556149999796",
"91184863584581549135717943806355221905",
"139047903862287521640647437536004617905",
"86798575101810463181483079917928897828",
"325473551644423065830272112996512491887",
"120654778092441924018972828145032836985",
"99677422450655213842742778991478936042",
"240252272456984395687357777441563045160",
"270790771839388014205243317141767039486",
"61258705926422271059480534513557859683",
"101257493722867924078398830531498808087",
"86035585892615254442370862101805962947",
"84372418188449787418138855105598779784",
"269251838732397127110907250588386703170",
"205971861604704075990292806875386503603",
"69599449240323106215987124941249028174",
"90477121491718072060675061028638773452",
"159452224587184938778937548681112152248",
"305068579504350499143502782577538378679",
"139649495802788409272236715812576873911",
"219542903012019254892754952405685101334",
"72773839262701109989961883687563204904",
"48032817385260973378871843200713594071",
"29877814425642817225395232250574599573",
"136070886474789055872915946713751611499",
"51481460655234872311110555980251738467",
"145365678351154226940960234229319815806",
"78995963205088081283785870057431617957",
"139047903862287521640647437536004617905",
"57652799335204764187941290873590067589",
"177757777123348616456221059969676340297",
"50942405802198678674112263160890833701",
"267087837899737393019049493887439051053",
"113692885183379875599924854926081740862"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "NoriAnalyzerProvider",
"file": "plugins/analysis-nori/src/main/java/org/opensearch/index/analysis/NoriAnalyzerProvider.java"
},
"id": "CVE-2022-41917-e73e251d",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 463.0,
"function_hash": "279944563276199053002058898520919384786"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "KuromojiPartOfSpeechFilterFactory",
"file": "plugins/analysis-kuromoji/src/main/java/org/opensearch/index/analysis/KuromojiPartOfSpeechFilterFactory.java"
},
"id": "CVE-2022-41917-eccffc15",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 289.0,
"function_hash": "329809226755627842713234130582407298694"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"function": "HyphenationCompoundWordTokenFilterFactory",
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/HyphenationCompoundWordTokenFilterFactory.java"
},
"id": "CVE-2022-41917-edf64a8f",
"deprecated": false,
"signature_type": "Function",
"signature_version": "v1",
"digest": {
"length": 581.0,
"function_hash": "243409086512293440872825131937347373953"
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "plugins/analysis-kuromoji/src/test/java/org/opensearch/index/analysis/KuromojiAnalysisTests.java"
},
"id": "CVE-2022-41917-efa70921",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"45524427521153656266812087539124090024",
"305895016772490157614664675391036720632",
"100491831666351955224003518950789444916",
"119955407707916806748813071531146252685",
"46014241160977908696250747753033182490"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/MappingCharFilterFactory.java"
},
"id": "CVE-2022-41917-fa15a1f6",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"290212279850964436139178196181072492877",
"206741399728692572585325535716832514859",
"122024277021127815618562158671822081316",
"139052276641515435948005115122930041881",
"171343912542226955395081838175827544418",
"43261003069423255370439518489842889430",
"42955051301315913586357950656064408388",
"107021456375131704825231910593115954207",
"167191313751192407649075490744620617674",
"51748887795105469088701682308260471609",
"118998556905014554441940507267394526234",
"95249738952580145378879193659747768022",
"255607363004995216054288979187885690085",
"156726477461983587425125140679469805582",
"261306802714998143702642683504800006402",
"209385391801010292032682166160335544891",
"30379085384155658022957509518944646960",
"210084436984643448833176391179664323437",
"222322091716629702104542832924924273131",
"135531779896187659051710997075267885589",
"256672461863454709187673146084580627914",
"50070979997919222697954178774728815172",
"77684366463649613164958206537408897271",
"102585244920026671674822306230898250295",
"198751214385471716382002238803516199082"
]
}
},
{
"source": "https://github.com/opensearch-project/opensearch/commit/6d20423f5920745463b1abc5f1daf6a786c41aa0",
"target": {
"file": "modules/analysis-common/src/main/java/org/opensearch/analysis/common/SynonymTokenFilterFactory.java"
},
"id": "CVE-2022-41917-ff15f2a0",
"deprecated": false,
"signature_type": "Line",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"271443702475636854332131117653319444555",
"128233686025081921735974140011227088370",
"51748547703938597943592867197037413355",
"16069582832339860183132799717508944702",
"249843403332797400713619541878430181464",
"179884292504253853072991680094853060977",
"77762023829034628456471819772553680705",
"337176616589192798881970203557067961702",
"75984720381926313635087223396378808299",
"112571358493203014432845650167407713686",
"28721071181928934832949682269364209287"
]
}
}
]