Lucene search

K
osvGoogleOSV:CVE-2021-22144
HistoryJul 26, 2021 - 12:15 p.m.

CVE-2021-22144

2021-07-2612:15:08
Google
osv.dev
5
elasticsearch
grok parser
denial of service
vulnerability
malicious query

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

49.6%

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

49.6%