Lucene search

K
cnvdChina National Vulnerability DatabaseCNVD-2021-59131
HistoryJul 12, 2021 - 12:00 a.m.

Elasticsearch Resource Management Error Vulnerability

2021-07-1200:00:00
China National Vulnerability Database
www.cnvd.org.cn
19
elasticsearch
resource management
error vulnerability
grok queries
denial of service
json
http
lucene

EPSS

0.001

Percentile

49.6%

Elasticsearch is a set of open source distributed RESTful search engine built on Lucene from the Dutch company Elasticsearch. The product is mainly used in cloud computing and supports data indexing using JSON over HTTP.Elasticsearch has a resource management error vulnerability that stems from Grok queries triggering an overload in Elasticsearch, which could be exploited by an attacker to trigger a denial of service.