8 matches found
BIT-ELASTICSEARCH-2024-23449 Elasticsearch Uncaught Exception
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
SUSE CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
Denial Of Service (DoS)
Elasticsearch is vulnerable to Denial Of Service DoS. The vulnerability is due to a flaw that causes the Elasticsearch ingest node which parses PDF files to crash. Notably, this issue does not occur with password-protected or unencrypted PDF files, and requires the attachment processor to be...
CVE-2024-23449
A flaw was found in the Elasticsearch package. An uncaught exception occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with...
UBUNTU-CVE-2024-23449
An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...
Elasticsearch 8.11.1 Security Update (ESA-2024-05)
Elasticsearch Uncaught Exception ESA-2024-05 An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 Solutions and Mitigations: The issue is resolved in version 8.11.1. This requires the attachment processor to be enabled. Users unable to upgrade can ensure that the attachment...
Elasticsearch 安全漏洞
Elasticsearch is a search engine based on the Lucene library. A security vulnerability exists in Elasticsearch versions 8.4.0 through prior to 8.11.1, which stems from an uncaught exception that occurs when an encrypted PDF is passed to an attachment processor via the REST API...
PT-2024-2502 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 8.4.0 through 8.11.0 Description: The issue is related to an error in handling exceptions in the Elasticsearch search system's API implementation. It can be exploited by a remote attacker using a specially crafted PDF...