Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar

Summary IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar Vulnerability Details CVEID:CVE-2024-52980 DESCRIPTION: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cau...

CVE-2024-52980 vulnerabilities

Vulnerabilities for packages: elasticsearch...

CVE-2024-52980

creationtimestamp| type| source ---|---|--- 2025-04-08 19:51:42+00:00| seen| https://t.me/cvedetector/22490 2025-04-09 23:24:44+00:00| seen| https://bsky.app/profile/omo.bsky.social/post/3lmg5533fis2a...

ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.4.0), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +824 more potentially affected by CVE-2024-52980 via org.elasticsearch:elasticsearch (>=7.17.0 <=8.15.0)

org.elasticsearch:elasticsearch MAVEN version =7.17.0, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =6.0.0, =6.0.3, =6.0.0, =6.0.0, =6.0.0, =6.0.0, =6.2.0, =6.8.0, =6.4.0, =6.0.0, =6.0.0, =6.0.3, =6.8.0 and more Source cves: CVE-2024-52980 Source advisory: OSV:GHSA-GHFH-P92W-J4MG...

com.farcsal.dql:query-es (=0.8.0), com.github.msarhan:elasticsearch-analysis-arabic (>=1.2.0 <=1.4.0) +14 more potentially affected by CVE-2024-52980 via org.elasticsearch:elasticsearch-grok (>=8.10.0 <=8.15.0)

org.elasticsearch:elasticsearch-grok MAVEN version =8.10.0, =1.2.0, =0.83.0, =7.23.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0, =8.14.2, =8.10.0, =8.10.0, =8.10.0, =1.7.es8114.0, =1.7.es8150.0 and more Source cves: CVE-2024-52980 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-9679474...

CVE-2024-52980

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...

CVE-2024-52980

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...

UBUNTU-CVE-2024-52980

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...

CVE-2024-52980

CVE-2024-52980 refers to an Elasticsearch vulnerability where a large recursion in the PatternBank.innerForbidCircularReferences function can crash a node. The issue requires a user with read_pipeline cluster privilege to trigger the condition, making it a resource-exhaustion risk (availability l...

Elasticsearch 8.15.1 Security Update (ESA-2024-34)

Elasticsearch Uncontrolled Resource Consumption vulnerability ESA-2024-34 A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious...