GHSA-3393-hvrj-w7v3
Suggest an improvement- Source
- https://github.com/advisories/GHSA-3393-hvrj-w7v3
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/08/GHSA-3393-hvrj-w7v3/GHSA-3393-hvrj-w7v3.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-3393-hvrj-w7v3
- Aliases
- Published
- 2021-08-09T20:41:17Z
- Modified
- 2024-02-20T05:18:20.296698Z
- Severity
-
- 5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- Denial of Service in Elasticsearch
- Details
-
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
- Database specific
{ "nvd_published_at": "2021-07-26T12:15:00Z", "cwe_ids": [ "CWE-674" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2021-08-02T19:21:25Z" }- References
Affected packages
Maven / org.elasticsearch:elasticsearch
Package
- Name
- org.elasticsearch:elasticsearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch/elasticsearch
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed6.8.17
Affected versions
0.*
0.6.0
0.7.0
0.7.1
0.8.0
0.9.0
0.10.0
0.11.0
0.12.0
0.12.1
0.13.0
0.13.1
0.14.0
0.14.1
0.14.2
0.14.3
0.14.4
0.15.0
0.15.1
0.15.2
0.16.0
0.16.1
0.16.2
0.16.3
0.16.4
0.16.5
0.17.0
0.17.1
0.17.2
0.17.3
0.17.4
0.17.5
0.17.6
0.17.7
0.17.8
0.17.9
0.17.10
0.18.0
0.18.1
0.18.2
0.18.3
0.18.4
0.18.5
0.18.6
0.18.7
0.19.0.RC1
0.19.0.RC2
0.19.0.RC3
0.19.0
0.19.1
0.19.2
0.19.3
0.19.4
0.19.5
0.19.6
0.19.7
0.19.8
0.19.9
0.19.10
0.19.11
0.19.12
0.20.0.RC1
0.20.0
0.20.1
0.20.2
0.20.3
0.20.4
0.20.5
0.20.6
0.90.0.Beta1
0.90.0.RC1
0.90.0.RC2
0.90.0
0.90.1
0.90.2
0.90.3
0.90.4
0.90.5
0.90.6
0.90.7
0.90.8
0.90.9
0.90.10
0.90.11
0.90.12
0.90.13
1.*
1.0.0.Beta1
1.0.0.Beta2
1.0.0.RC1
1.0.0.RC2
1.0.0
1.0.1
1.0.2
1.0.3
1.1.0
1.1.1
1.1.2
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
1.4.0.Beta1
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.5.0
1.5.1
1.5.2
1.6.0
1.6.1
1.6.2
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
2.*
2.0.0-beta1
2.0.0-beta2
2.0.0-rc1
2.0.0
2.0.1
2.0.2
2.1.0
2.1.1
2.1.2
2.2.0
2.2.1
2.2.2
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.4.5
2.4.6
5.*
5.0.0-alpha1
5.0.0-alpha2
5.0.0-alpha3
5.0.0-alpha4
5.0.0-alpha5
5.0.0-beta1
5.0.0-rc1
5.0.0
5.0.1
5.0.2
5.1.1
5.1.2
5.2.0
5.2.1
5.2.2
5.3.0
5.3.1
5.3.2
5.3.3
5.4.0
5.4.1
5.4.2
5.4.3
5.5.0
5.5.1
5.5.2
5.5.3
5.6.0
5.6.1
5.6.2
5.6.3
5.6.4
5.6.5
5.6.6
5.6.7
5.6.8
5.6.9
5.6.10
5.6.11
5.6.12
5.6.13
5.6.14
5.6.15
5.6.16
6.*
6.0.0-alpha1
6.0.0-alpha2
6.0.0-beta1
6.0.0-beta2
6.0.0-rc1
6.0.0-rc2
6.0.0
6.0.1
6.1.0
6.1.1
6.1.2
6.1.3
6.1.4
6.2.0
6.2.1
6.2.2
6.2.3
6.2.4
6.3.0
6.3.1
6.3.2
6.4.0
6.4.1
6.4.2
6.4.3
6.5.0
6.5.1
6.5.2
6.5.3
6.5.4
6.6.0
6.6.1
6.6.2
6.7.0
6.7.1
6.7.2
6.8.0
6.8.1
6.8.2
6.8.3
6.8.4
6.8.5
6.8.6
6.8.7
6.8.8
6.8.9
6.8.10
6.8.11
6.8.12
6.8.13
6.8.14
6.8.15
6.8.16
Maven / org.elasticsearch:elasticsearch
Package
- Name
- org.elasticsearch:elasticsearch
- View open source insights on deps.dev
- Purl
- pkg:maven/org.elasticsearch/elasticsearch
Affected versions
7.*
7.0.0-alpha1
7.0.0-alpha2
7.0.0-beta1
7.0.0-rc1
7.0.0-rc2
7.0.0
7.0.1
7.1.0
7.1.1
7.2.0
7.2.1
7.3.0
7.3.1
7.3.2
7.4.0
7.4.1
7.4.2
7.5.0
7.5.1
7.5.2
7.6.0
7.6.1
7.6.2
7.7.0
7.7.1
7.8.0
7.8.1
7.9.0
7.9.1
7.9.2
7.9.3
7.10.0
7.10.1
7.10.2
7.11.0
7.11.1
7.11.2
7.12.0
7.12.1
7.13.0
7.13.1
7.13.2