GHSA-3393-hvrj-w7v3

Vulnerable Component Details
Type Namespace Name Version Package URL
maven org.elasticsearch elasticsearch 7.9.3 pkg:maven/org.elasticsearch/elasticsearch@7.9.3?type=jar
Vulnerability Details
ID GHSA-3393-hvrj-w7v3
Description In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
Recommendation Upgrade to versions 6.8.17, 7.13.3 or above.. || State: fixed | Fix Versions: 7.13.3
Ratings
Severity Score Method Vector Source
None None cbl-mariner
5.7 CVSSv31 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H ghsa
4.0 CVSSv2 AV:N/AC:L/Au:S/C:N/I:N/A:P nvd
6.5 CVSSv3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H nvd
Related Vulnerabilities
Found By Anchore Grype , Aquasec Trivy , Gitlab Gemnasium
References / Advisories
Weakness Enumeration