org.elasticsearch:elasticsearch@0.7.0 vulnerabilities
-
latest version
8.16.1
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
8 days ago
-
licenses detected
- [0.6.0,7.11.0)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data when creating a new Certificate Signing Request via the How to fix Missing Encryption of Sensitive Data? Upgrade |
[,7.17.23)
[8.0.0-alpha1,8.13.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a document in a deeply nested pipeline on an ingest node, causing the node to crash. How to fix Uncontrolled Recursion? Upgrade |
[,7.17.19)
[8.0.0-alpha1,8.13.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when handling incoming requests on the HTTP layer. An attacker can force a node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade |
[,7.17.13)
[8.0.0,8.9.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade |
[,7.17.1)
[8.0.0,8.0.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Missing Authorization by allowing users with How to fix Missing Authorization? Upgrade |
[,7.17.1)
[8.0.0,8.0.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Denial of Service (DoS). An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the {es} Grok parser. A user with the ability to submit arbitrary queries to {es} could create a malicious Grok query that will crash the {es} node. How to fix Denial of Service (DoS)? Upgrade |
[7.0.0,7.13.3)
[,6.8.17)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Information Disclosure. A document disclosure flaw was found in Elasticsearch when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain cross-cluster search queries. This could result in a search disclosing the existence of documents an authenticated user should not be able to view. How to fix Information Disclosure? Upgrade |
[7.0.0,7.11.2)
[,6.8.15)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Information Disclosure. A document disclosure flaw was found in the Elasticsearch suggester and profile API when Document and Field Level Security are enabled. The suggester and profile API are normally disabled for an index when document level security is enabled on the index. Certain queries are able to enable the profiler and suggester which could lead to disclosing the existence of documents and fields the attacker should not be able to view. How to fix Information Disclosure? Upgrade |
[7.0.0,7.11.2)
[,6.8.15)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Information Disclosure. There is an information disclosure issue when audit logging and the How to fix Information Disclosure? Upgrade |
[,6.8.14)
[7.0.0-alpha1,7.10.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Information Exposure. It contains a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly preserve security permissions when executing certain complex queries. This could result in the search disclosing the existence of documents the attacker should not be able to view. This could result in an attacker gaining additional insight into potentially sensitive indices. How to fix Information Exposure? Upgrade |
[0,6.8.13)
[7.0.0,7.9.2)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Arbitrary Code Execution. Enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to How to fix Arbitrary Code Execution? Upgrade |
[,1.2.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Privilege Escalation. A permission issue was found in Elasticsearch when Field Level Security and Document Level Security are disabled and the If the How to fix Privilege Escalation? Upgrade |
[,5.6.15)
[6.0.0,6.6.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Race Condition. On a system with multiple users submitting requests, it could be possible for an attacker to gain access to response header containing sensitive data from another user. How to fix Race Condition? Upgrade |
[,6.8.2)
[7.0.0,7.2.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). It is possible for remote attackers to inject arbitrary web script or HTML via unspecified vectors. How to fix Cross-site Scripting (XSS)? Upgrade |
[,1.4.0.Beta1)
|
|
[,1.4.5)
[1.5.0,1.5.2)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Arbitrary Code Execution. Elasticsearch versions prior to 1.6.1 are vulnerable to an engineered attack on its transport protocol that enables remote code execution. This issue is related to the Groovy announcement in CVE-2015-3253. How to fix Arbitrary Code Execution? Upgrade |
[,1.6.1)
|
|
[,1.6.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Arbitrary Code Execution. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to create a file that another application could read and take action on, resulting in code execution. How to fix Arbitrary Code Execution? Upgrade |
[,1.6.0)
|
|
[0.6.0,1.3.8)
[1.4.0,1.4.3)
|