11 matches found
Linux Distros Unpatched Vulnerability : CVE-2021-22145
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to...
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
Overview A flaw in Jackson-core's JsonLocation.appendSourceDesc method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array...
Elasticsearch Memory Disclosure
This module exploits a memory disclosure vulnerability in Elasticsearch 7.10.0 to 7.13.3 inclusive. A user with the ability to submit arbitrary queries to Elasticsearch can generate an error message containing previously used portions of a data buffer. This buffer could contain sensitive...
CVE-2021-22145
creationtimestamp| type| source ---|---|--- 2023-09-07 15:26:52+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/elasticsearchmemorydisclosure.rb 2025-02-06 03:13:45+00:00| seen| MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd 2025-02-23...
ca.uhn.hapi.fhir:hapi-fhir-cli-api (>=5.3.0 <=5.7.9), ca.uhn.hapi.fhir:hapi-fhir-cli-app (>=5.6.5 <=5.7.9) +382 more potentially affected by CVE-2021-22145 via org.elasticsearch.client:elasticsearch-rest-client (>=7.10.0 <=7.13.3)
org.elasticsearch.client:elasticsearch-rest-client MAVEN version =7.10.0, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =5.6.5, =5.7.9 and more Source cves: CVE-2021-22145 Source advisory: OSV:GHSA-Q394-H7F5-7F44...
Security Bulletin: IBM Security SOAR is using a component with known vulnerabilities - Elasticsearch ( CVE-2021-22144, CVE-2021-22145, CVE-2021-22147)
Summary IBM Security SOAR is using a component with known vulnerabilities - Elasticsearch CVE-2021-22144, CVE-2021-22145, CVE-2021-22147 Vulnerability Details CVEID: CVE-2021-22144 DESCRIPTION: Elasticsearch is vulnerable to a denial of service, caused by an uncontrolled recursion vulnerability i...
ElasticSearch 7.13.3 - Memory disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
ElasticSearch 7.13.3 - Memory disclosure Exploit
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import ArgumentParser...
ElasticSearch 7.13.3 Memory Disclosure
Exploit Title: ElasticSearch 7.13.3 - Memory disclosure Date: 21/07/2021 Exploit Author: r0ny Vendor Homepage: https://www.elastic.co/ Software Link: https://github.com/elastic/elasticsearch Version: 7.10.0 to 7.13.3 Tested on: Kali Linux CVE : CVE-2021-22145 /usr/bin/python3 from argparse import...
CVE-2021-22145
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data...
CVE-2021-22145
CVE-2021-22145 affects Elasticsearch 7.10.0–7.13.3 in its error reporting, allowing memory disclosure where an attacker submitting malformed queries could cause error messages to include previously used data buffer contents (e.g., documents or authentication details). The issue is documented acro...