106 matches found
Security Bulletin: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar
Summary: IBM Watson Discovery Cartridge affected by vulnerability in elasticsearch-7.17.13.jar. Vulnerability Details: CVEID: CVE-2024-52980. DESCRIPTION: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cau...
org.elasticsearch.test:framework (>=9.2.0 <=9.2.1), org.elasticsearch.test:yaml-rest-runner (>=9.2.0 <=9.2.1) +1 more potentially affected by CVE-2025-68390 via org.elasticsearch:elasticsearch (>=9.2.0 <=9.2.1)
org.elasticsearch:elasticsearch MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.1 - pl.allegro.tech.elasticsearch.plugin:elasticsearch-analysis-morfologik =9.2.1 Source cves: CVE-2025-68390 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14534841...
CVE-2025-68384
Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130), causing a persistent denial of service (OOM crash) via submission of oversized user settings data...
PT-2025-52366
Name of the Vulnerable Software and Affected Versions: Elasticsearch (affected versions not specified). Description: A flaw exists in Elasticsearch where a low-privileged authenticated user can trigger excessive resource allocation, leading to a persistent denial of service and potentially causing an...
org.elasticsearch.test:framework (>=9.2.0 <=9.2.1), org.elasticsearch.test:yaml-rest-runner (>=9.2.0 <=9.2.1) +1 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=9.2.0 <=9.2.1)
org.elasticsearch:elasticsearch MAVEN version =9.2.0, =9.2.0, =9.2.0, =9.2.1 - pl.allegro.tech.elasticsearch.plugin:elasticsearch-analysis-morfologik =9.2.1 Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1034 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)
org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
Security Bulletin: Elasticsearch node crash triggered by crafted pipeline using PatternBank recursion, affects watsonx.data
Summary: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigne...
org.elasticsearch.test:framework (>=9.1.0 <=9.1.10), org.elasticsearch.test:yaml-rest-runner (>=9.1.0 <=9.1.10) +1 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=9.1.0 <=9.1.4)
org.elasticsearch:elasticsearch MAVEN version =9.1.0, =9.1.0, =9.1.0, =9.1.2, =9.1.4 Source cves: CVE-2025-37727 Source advisory: OSV:GHSA-56R7-H6MW-RCFV...
net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.108.0), org.elasticsearch.test:framework (>=9.0.0 <=9.0.7) +3 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=9.0.0-beta1 <=9.0.7)
org.elasticsearch:elasticsearch MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =1.7.es904.0, =9.0.0, =9.0.3 Source cves: CVE-2025-37727 Source advisory: OSV:GHSA-56R7-H6MW-RCFV...
org.elasticsearch.test:framework (>=8.19.0 <=8.19.16), org.elasticsearch.test:yaml-rest-runner (>=8.19.0 <=8.19.16) +1 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.19.0 <=8.19.4)
org.elasticsearch:elasticsearch MAVEN version =8.19.0, =8.19.0, =8.19.0, =8.19.2, =8.19.4 Source cves: CVE-2025-37727 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-13517507...
com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +14 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.18.7)
org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =1.7.es8184.0 and more Source cves: CVE-2025-37727 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-13517507...
Elastic Elasticsearch Security Vulnerability
Elastic Elasticsearch is a search engine based on the Lucene library from the Dutch company Elastic. A security vulnerability exists in Elastic Elasticsearch that stems from the insertion of sensitive information into log files when auditing requests under certain conditions, which could lead to...
EUVD-2021-0675
Malware in sbrugna...
EUVD-2021-1526
Malware in sbrugna...
EUVD-2021-1442
Malware in sbrugna...
EUVD-2021-0670
Malware in sbrugna...
EUVD-2022-3946
Malicious code in bioql PyPI...
EUVD-2022-4417
Malicious code in bioql PyPI...
EUVD-2022-3790
Malicious code in bioql PyPI...