org.elasticsearch:elasticsearch@7.0.0-alpha2 vulnerabilities
-
latest version
8.16.1
-
latest non vulnerable version
-
first published
15 years ago
-
latest version published
8 days ago
-
licenses detected
- [0.6.0,7.11.0)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data when creating a new Certificate Signing Request via the How to fix Missing Encryption of Sensitive Data? Upgrade |
[,7.17.23)
[8.0.0-alpha1,8.13.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a document in a deeply nested pipeline on an ingest node, causing the node to crash. How to fix Uncontrolled Recursion? Upgrade |
[,7.17.19)
[8.0.0-alpha1,8.13.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when handling incoming requests on the HTTP layer. An attacker can force a node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade |
[,7.17.13)
[8.0.0,8.9.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the How to fix Cross-site Scripting (XSS)? Upgrade |
[,7.17.1)
[8.0.0,8.0.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Missing Authorization by allowing users with How to fix Missing Authorization? Upgrade |
[,7.17.1)
[8.0.0,8.0.1)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Information Disclosure. There is an information disclosure issue when audit logging and the How to fix Information Disclosure? Upgrade |
[,6.8.14)
[7.0.0-alpha1,7.10.0)
|