Lucene search

K
cvelistElasticCVELIST:CVE-2021-22144
HistoryJul 26, 2021 - 11:48 a.m.

CVE-2021-22144

2021-07-2611:48:40
elastic
www.cve.org
7
elasticsearch
recursion vulnerability
denial of service
grok parser

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

49.6%

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

49.6%