org.elasticsearch:elasticsearch@8.0.0-beta1 vulnerabilities

  • latest version

    8.17.0

  • latest non vulnerable version

  • first published

    14 years ago

  • latest version published

    17 days ago

  • licenses detected

  • package manager

  • Direct Vulnerabilities

    Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Missing Encryption of Sensitive Data

    org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine.

    Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data when creating a new Certificate Signing Request via the elasticsearch-certutil tool with the csr option. The private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.

    How to fix Missing Encryption of Sensitive Data?

    Upgrade org.elasticsearch:elasticsearch to version 7.17.23, 8.13.0 or higher.

    [,7.17.23)[8.0.0-alpha1,8.13.0)
    • M
    Uncontrolled Recursion

    org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine.

    Affected versions of this package are vulnerable to Uncontrolled Recursion when processing a document in a deeply nested pipeline on an ingest node, causing the node to crash.

    How to fix Uncontrolled Recursion?

    Upgrade org.elasticsearch:elasticsearch to version 7.17.19, 8.13.0 or higher.

    [,7.17.19)[8.0.0-alpha1,8.13.0)