org.elasticsearch:elasticsearch 7.17.29

Direct Vulnerabilities

Known vulnerabilities in the org.elasticsearch:elasticsearch package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Allocation of Resources Without Limits or Throttling org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the `snapshot restore` request due to improper length validation for `rename_replacement`. An attacker can exhaust system memory and disrupt service availability by sending specially crafted HTTP requests. Note: This is only exploitable if the attacker has authenticated access with snapshot restore privileges. How to fix Allocation of Resources Without Limits or Throttling? Upgrade `org.elasticsearch:elasticsearch` to version 8.19.8, 9.1.8, 9.2.2 or higher.	[7.0.0-alpha1,8.19.8)[9.0.0-beta1,9.1.8)[9.2.0,9.2.2)
M Insertion of Sensitive Information into Log File org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine. Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture confidential data during request processing. How to fix Insertion of Sensitive Information into Log File? Upgrade `org.elasticsearch:elasticsearch` to version 8.18.8, 8.19.5, 9.0.8, 9.1.5 or higher.	[,8.18.8)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)

Vulnerability

Vulnerable Version

Allocation of Resources Without Limits or Throttling

org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine.

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the snapshot restore request due to improper length validation for rename_replacement. An attacker can exhaust system memory and disrupt service availability by sending specially crafted HTTP requests.

Note:

This is only exploitable if the attacker has authenticated access with snapshot restore privileges.

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade org.elasticsearch:elasticsearch to version 8.19.8, 9.1.8, 9.2.2 or higher.

[7.0.0-alpha1,8.19.8)[9.0.0-beta1,9.1.8)[9.2.0,9.2.2)

Insertion of Sensitive Information into Log File

org.elasticsearch:elasticsearch is a Distributed, RESTful Search Engine.

Affected versions of this package are vulnerable to Insertion of Sensitive Information into Log File via the reindex request due to redacting certain fields from the body of rest requests in audit logs. An attacker can obtain sensitive information by triggering audit logs that capture confidential data during request processing.

How to fix Insertion of Sensitive Information into Log File?

Upgrade org.elasticsearch:elasticsearch to version 8.18.8, 8.19.5, 9.0.8, 9.1.5 or higher.

[,8.18.8)[8.19.0,8.19.5)[9.0.0-beta1,9.0.8)[9.1.0,9.1.5)

org.elasticsearch:elasticsearch@7.17.29

latest version

latest non vulnerable version

first published

latest version published

licenses detected

package registry

Direct Vulnerabilities

Fix vulnerabilities automatically