org.elasticsearch:elasticsearch@6.8.15 vulnerabilities
- latest version: 8.12.2
- first published: 14 years ago
- latest version published: a month ago
- licenses detected: [0.6.0,7.11.0)
- package manager
Direct Vulnerabilities
Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a document in a deeply nested pipeline on an ingest node, causing the node to crash. How to fix Uncontrolled Recursion? Upgrade | [,7.17.19)<br>[8.0.0-alpha1,8.13.0) |
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when handling incoming requests on the HTTP layer. An attacker can force a node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade | [,7.17.13)<br>[8.0.0,8.9.0) |
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade | [,7.17.1)<br>[8.0.0,8.0.1) |
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Missing Authorization by allowing users with How to fix Missing Authorization? Upgrade | [,7.17.1)<br>[8.0.0,8.0.1) |
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Denial of Service (DoS). An uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node. How to fix Denial of Service (DoS)? Upgrade | [7.0.0,7.13.3)<br>[,6.8.17) |