CVE-2021-22144

Vulnerable Component Details
Type Namespace Name Version Package URL
maven org.elasticsearch elasticsearch 7.9.3 pkg:maven/org.elasticsearch/elasticsearch@7.9.3?type=jar
Vulnerability Details
ID CVE-2021-22144
Description In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
Recommendation . || State: fixed | Fix Versions: 7.13.3. || Upgrade to versions 6.8.17, 7.13.3 or above.
Ratings
Severity Score Method Vector Source
None None cbl-mariner
5.7 CVSSv31 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H ghsa
4.0 CVSSv2 AV:N/AC:L/Au:S/C:N/I:N/A:P nvd
6.5 CVSSv31 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H nvd
6.5 CVSSv31 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H redhat
Related Vulnerabilities
Found By Gitlab Gemnasium , Anchore Grype , Aquasec Trivy
References / Advisories
Weakness Enumeration