org.elasticsearch:elasticsearch@7.17.2 vulnerabilities
-
latest version
8.13.2
-
latest non vulnerable version
-
first published
14 years ago
-
latest version published
19 days ago
-
licenses detected
- (Elastic-2.0 OR SSPL-1.0)[7.11.0,)
-
package manager
Direct Vulnerabilities
Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a document in a deeply nested pipeline on an ingest node, causing the node to crash. How to fix Uncontrolled Recursion? Upgrade |
[,7.17.19)
[8.0.0-alpha1,8.13.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File due to the logging of Watcher search input at the DEBUG log level, which may result in the unintended recording of sensitive information in log files. An attacker can gain access to sensitive data by examining the log files that contain the search query results. Note: This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using:
How to fix Insertion of Sensitive Information into Log File? Upgrade |
[7.0.0,7.17.16)
[8.0.0,8.11.2)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Improper Handling of Exceptional Conditions when the script processor of an Ingest Pipeline is used with malformed scripts. A user can cause a node to crash by calling the Simulate Pipeline API. How to fix Improper Handling of Exceptional Conditions? Upgrade |
[7.0.0,7.17.14)
[8.0.0,8.10.3)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') when handling incoming requests on the HTTP layer. An attacker can force a node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. How to fix Uncontrolled Resource Consumption ('Resource Exhaustion')? Upgrade |
[,7.17.13)
[8.0.0,8.9.0)
|
org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the How to fix Stack-based Buffer Overflow? Upgrade |
[7.0.0,7.17.13)
[8.0.0,8.9.1)
|