Denial Of Service (DoS)
OpenSearch is vulnerable to Denial of Service (DoS). The vulnerability is due to the handling of overly complex querystring inputs, which allows an attacker to submit specially crafted queries that exhaust system resources and trigger a DoS condition...
CVE-2025-9624
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions between 3.0.0 and 3.3.0 and OpenSearch 2.19.4...
GHSA-MW3V-MMFW-3X2G vulnerabilities
Vulnerabilities for packages: opensearch...
CVE-2025-9624 vulnerabilities
Vulnerabilities for packages: opensearch...
Linux Distros Unpatched Vulnerability : CVE-2025-9624
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versio...
CVE-2025-66031 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, jitsucom-jitsu, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines, kibana, opensearch-dashboards...
GHSA-5GFM-WPXJ-WJGQ vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, jitsucom-jitsu, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines, kibana, opensearch-dashboards...
GHSA-554W-WPV2-VW27 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, jitsucom-jitsu, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines, kibana, opensearch-dashboards...
GHSA-65CH-62R8-G69G vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, jitsucom-jitsu, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines, kibana, opensearch-dashboards...
CVE-2025-66030 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, jitsucom-jitsu, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines, kibana, opensearch-dashboards...
CVE-2025-12816 vulnerabilities
Vulnerabilities for packages: opensearch-dashboards-fips, jitsucom-jitsu, kubeflow-centraldashboard, argo-workflows, kubeflow-pipelines, kibana, opensearch-dashboards...
com.erudika:para-search-elasticsearch (=1.42.0), org.codelibs.fesen.client:fesen-httpclient (>=3.0.0 <=3.2.0) +43 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch-common (>=3.0.0 <=3.2.0)
org.opensearch:opensearch-common MAVEN version =3.0.0, =3.0.0, =15.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0.0, =3.22.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-9624 Source advisory: OSV:GHSA-MW3V-MMFW-3X2G...
EUVD-2025-199644
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions below 3.2.0...
OpenSearch is vulnerable to DoS via complex query_string inputs
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0...
GHSA-MW3V-MMFW-3X2G OpenSearch is vulnerable to DoS via complex query_string inputs
A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex querystring inputs. This issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0...
com.erudika:para-search-elasticsearch (=1.42.0), org.codelibs.fesen.client:fesen-httpclient (>=3.0.0 <=3.2.0) +26 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch (>=3.0.0-alpha1 <=3.2.0)
org.opensearch:opensearch MAVEN version =3.0.0-alpha1, =3.0.0, =15.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0.0, =3.22.0, =3.0.0, =3.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.2 and more Source cves: CVE-2025-9624 Source advisory: SNYK:JAVA-ORGOPENSEARCH-14122812...
com.digitalpebble.stormcrawler:storm-crawler-opensearch (=2.11), com.erudika:para-search-elasticsearch (>=1.40.5 <=1.41.3) +84 more potentially affected by CVE-2025-9624 via org.opensearch:opensearch (>=2.0.0-rc1 <=2.19.3)
org.opensearch:opensearch MAVEN version =2.0.0-rc1, =1.40.5, =1.0.0-TEST, =3.0.7, =0.1.3, =0.1.3, =0.1.3, =0.1.2, =0.1.2, =0.1.2, =1.2.3, =1.2.3, =1.2.3, =4.0.0.0, =4.0.5.2 and more Source cves: CVE-2025-9624 Source advisory: SNYK:JAVA-ORGOPENSEARCH-14122812 https://vulners.com/sny...
Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via the querystring processing. An attacker can exhaust system resources and disrupt service availability by submitting excessively long Boolean or disjunction queries. PoC: GET search "query": "querystring":...