GHSA-ghfh-p92w-j4mg

Source
https://github.com/advisories/GHSA-ghfh-p92w-j4mg
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/04/GHSA-ghfh-p92w-j4mg/GHSA-ghfh-p92w-j4mg.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-ghfh-p92w-j4mg
Aliases
Published
2025-04-08T18:34:42Z
Modified
2025-05-27T18:19:04.727900Z
Downstream
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Elasticsearch Potential Node Crash due to Large Recursion in `innerForbidCircularReferences` Function
Details

A flaw was discovered in Elasticsearch where deep recursion in the `innerForbidCircularReferences` function of the `PatternBank` class could cause the Elasticsearch node to crash.

A successful attack requires the malicious user to have the `read_pipeline` Elasticsearch cluster privilege assigned to them.

Database specific
{
    "github_reviewed_at": "2025-04-09T13:02:50Z",
    "severity": "MODERATE",
    "nvd_published_at": "2025-04-08T17:15:34Z",
    "github_reviewed": true,
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Maven / org.elasticsearch:elasticsearch

Package

Name
org.elasticsearch:elasticsearch
Purl
pkg:maven/org.elasticsearch/elasticsearch

Affected ranges

Type
ECOSYSTEM
Events
Introduced
7.17.0
Fixed
8.15.1

Affected versions

7.*

7.17.0
7.17.1
7.17.2
7.17.3
7.17.4
7.17.5
7.17.6
7.17.7
7.17.8
7.17.9
7.17.10
7.17.11
7.17.12
7.17.13
7.17.14
7.17.15
7.17.16
7.17.17
7.17.18
7.17.19
7.17.20
7.17.21
7.17.22
7.17.23
7.17.24
7.17.25
7.17.26
7.17.27
7.17.28

8.*

8.0.0-alpha1
8.0.0-alpha2
8.0.0-beta1
8.0.0-rc1
8.0.0-rc2
8.0.0
8.0.1
8.1.0
8.1.1
8.1.2
8.1.3
8.2.0
8.2.1
8.2.2
8.2.3
8.3.0
8.3.1
8.3.2
8.3.3
8.4.0
8.4.1
8.4.2
8.4.3
8.5.0
8.5.1
8.5.2
8.5.3
8.6.0
8.6.1
8.6.2
8.7.0
8.7.1
8.8.0
8.8.1
8.8.2
8.9.0
8.9.1
8.9.2
8.10.0
8.10.1
8.10.2
8.10.3
8.10.4
8.11.0
8.11.1
8.11.2
8.11.3
8.11.4
8.12.0
8.12.1
8.12.2
8.13.0
8.13.1
8.13.2
8.13.3
8.13.4
8.14.0
8.14.1
8.14.2
8.14.3
8.15.0