An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLTMzOTMtaHZyai13N3Yz

Denial of Service in Elasticsearch

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 8 months ago

CVSS Score: 5.7
CVSS vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Identifiers: GHSA-3393-hvrj-w7v3, CVE-2021-22144

Affected Packages

Versions: >= 7.0.0-alpha1, < 7.13.3, < 6.8.17
Fixed in: 7.13.3, 6.8.17