org.elasticsearch.plugin:x-pack-security 9.1.7 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the org.elasticsearch.plugin:x-pack-security package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
H Allocation of Resources Without Limits or Throttling org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the submission of oversized user settings data. An attacker can exhaust system resources and cause a persistent denial of service by sending excessively large data inputs. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.elasticsearch.plugin:x-pack-security` to version 8.19.9, 9.1.9, 9.2.3 or higher.	[,8.19.9)[9.0.0-beta1,9.1.9)[9.2.0,9.2.3)
H Improper Certificate Validation org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority. Note: This is only exploitable if the attacker possesses a client certificate signed by a legitimate, trusted Certificate Authority. How to fix Improper Certificate Validation? Upgrade `org.elasticsearch.plugin:x-pack-security` to version 8.19.8, 9.1.8, 9.2.2 or higher.	[7.8.1,8.19.8)[9.0.0-beta1,9.1.8)[9.2.0,9.2.2)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the submission of oversized user settings data. An attacker can exhaust system resources and cause a persistent denial of service by sending excessively large data inputs.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.elasticsearch.plugin:x-pack-security to version 8.19.9, 9.1.9, 9.2.3 or higher.

[,8.19.9)[9.0.0-beta1,9.1.9)[9.2.0,9.2.3)

Improper Certificate Validation

org.elasticsearch.plugin:x-pack-security is an Elasticsearch Expanded Pack Plugin - Security

Affected versions of this package are vulnerable to Improper Certificate Validation via the PKI realm. An attacker can impersonate other users by presenting specially crafted client certificates signed by a trusted Certificate Authority.

Note: This is only exploitable if the attacker possesses a client certificate signed by a legitimate, trusted Certificate Authority.

How to fix Improper Certificate Validation?

Upgrade org.elasticsearch.plugin:x-pack-security to version 8.19.8, 9.1.8, 9.2.2 or higher.

[7.8.1,8.19.8)[9.0.0-beta1,9.1.8)[9.2.0,9.2.2)

org.elasticsearch.plugin:x-pack-security@9.1.7 vulnerabilities

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically