2 matches found
CVE-2021-22140
Elastic App Search (web crawler beta) versions 7.11.0–7.12.0 are affected by an XML External Entity (XXE) injection in the crawler, allowing an attacker crawling the site via a manipulated sitemap.xml to read files on the host. Root cause: insufficient validation of XML in the crawler. Impact: po...
CVE-2021-22140
A flaw was found in Elastic Enterprise Search. An attacker, using an XML External Entity Injection XXE issue in the App Search web crawler, could craft a malicious sitemap.xml allowing the crawler to traverse the filesystem of the host running the instance and obtain sensitive files. The highest...