24 matches found
Elasticsearch 7.0.x < 7.17.24 / 8.0.x < 8.15.0 DoS (ESA-2026-52)
The version of Elasticsearch installed on the remote host is 7.0 prior to 7.17.24 or 8.0 prior to 8.15.0. It is, therefore, affected by a denial of service vulnerability: - Uncontrolled resource consumption in Elasticsearch allows an authenticated user to submit a specially crafted bulk request...
net.sc8s:elastic-testkit_2.13 (>=0.102.0 <=0.110.0), org.elasticsearch.test:framework (>=9.0.0 <=9.1.10) +3 more potentially affected by CVE-2025-68390 via org.elasticsearch:elasticsearch (>=9.0.0-beta1 <=9.1.7)
org.elasticsearch:elasticsearch MAVEN version =9.0.0-beta1, =0.102.0, =9.0.0, =9.0.0, =1.7.es904.0, =9.0.0, =9.1.5 Source cves: CVE-2025-68390 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-14534841...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +1034 more potentially affected by CVE-2025-37731 via org.elasticsearch:elasticsearch (>=7.0.0-alpha1 <=8.19.7)
org.elasticsearch:elasticsearch MAVEN version =7.0.0-alpha1, =j8.2.2.0, =1.2.1, =0.0.1-alpha, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.4.0 and more Source cves: CVE-2025-37731 Source advisory: OSV:GHSA-M9GH-789G-Q5PV...
com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +14 more potentially affected by CVE-2025-37727 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.18.7)
org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =1.7.es8184.0 and more Source cves: CVE-2025-37727 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-13517507...
EUVD-2021-0610
Malware in sbrugna...
EUVD-2022-4199
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2020-7020
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Elasticsearch versions before 6.8.13 and 7.9.2 contain a document disclosure flaw when Document or Field Level Security is used. Search queries do not properly...
Linux Distros Unpatched Vulnerability : CVE-2021-22134
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A document disclosure flaw was found in Elasticsearch versions after 7.6.0 and before 7.11.0 when Document or Field Level Security is used. Get requests do not...
com.farcsal.dql:query-es (=0.8.0), com.github.ben-manes.caffeine:simulator (>=3.0.4 <=3.0.5) +13 more potentially affected by CVE-2024-52981 via org.elasticsearch:elasticsearch (>=8.0.0-alpha1 <=8.15.0)
org.elasticsearch:elasticsearch MAVEN version =8.0.0-alpha1, =3.0.4, =1.2.0, =0.83.0, =7.23.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =1.6.es801.0, =8.0.0, =8.15.0 Source cves: CVE-2024-52981 Source advisory: OSV:GHSA-5XM9-X7X4-4J5X...
ai.grakn:grakn-dist (>=0.7.0 <=0.16.0), ai.grakn:grakn-test (=0.10.0) +2379 more potentially affected by CVE-2024-43709 via org.elasticsearch:elasticsearch (>=0.6.0 <=7.17.20)
org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.7.0, =0.6.1, =0.11.0, =j11.2.6.0, =0.3.0, =1.0.1, =5.1.0, =5.6.5, =5.1.0, =5.3.0, =5.1.0, =5.1.0, =5.1.0, =6.10.5 and more Source cves: CVE-2024-43709 Source advisory: OSV:GHSA-JGX4-7V3V-VWFM...
net.sc8s:elastic-testkit_2.13 (=0.96.0), nl.basjes.parse.useragent:yauaa-elasticsearch-8 (=7.29.0) +3 more potentially affected by CVE-2024-12539 via org.elasticsearch:elasticsearch (>=8.16.0 <=8.16.1)
org.elasticsearch:elasticsearch MAVEN version =8.16.0, =8.16.0, =8.16.0, =8.16.0, =8.16.1 Source cves: CVE-2024-12539 Source advisory: OSV:GHSA-5MPW-4546-2WCR...
net.sc8s:elastic-testkit_2.13 (=0.88.0), nl.basjes.parse.useragent:yauaa-elasticsearch-8 (=7.26.1) +8 more potentially affected by CVE-2024-37280 via org.elasticsearch:elasticsearch (>=8.13.1 <=8.13.4)
org.elasticsearch:elasticsearch MAVEN version =8.13.1, =8.13.1, =8.13.1, =8.13.1, =8.13.4 Source cves: CVE-2024-37280 Source advisory: OSV:GHSA-4Q22-422G-M4PJ...
PT-2024-2594 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions 8.10.0 through 8.12.x Description: The issue is related to an Incorrect Authorization problem in the API key based security model for Remote Cluster Security, which is currently in Beta. This allows a malicious user wit...
com.farcsal.dql:query-es (=0.8.0), org.codelibs:elasticsearch-analysis-extension (>=8.0.0 <=8.10.2.0) +7 more potentially affected by CVE-2023-46673 via org.elasticsearch:elasticsearch (>=8.0.0 <=8.10.2)
org.elasticsearch:elasticsearch MAVEN version =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.10.0, =8.0.0, =8.0.1 Source cves: CVE-2023-46673 Source advisory: OSV:GHSA-285M-VHFQ-XX4H...
cn.vertxup:zero-ifx-es (=0.9.0), cn.vertxup:zero-vie (=0.9.0) +17 more potentially affected by CVE-2023-31418 via org.elasticsearch:elasticsearch (>=8.0.0 <=8.8.2)
org.elasticsearch:elasticsearch MAVEN version =8.0.0, =0.4.0, =1.2.0, =2.6.7, =8.9.0-alpha5, =8.9.0-alpha5, =0.83.0, =6.12, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.0.0, =8.2.0, =8.19.16 and more Source cves: CVE-2023-31418 Source advisory: OSV:GHSA-2CQF-6XV9-F22W...
ai.ylyue:yue-library-data-es (>=j8.2.2.0 <=j11.2.6.2), br.com.simpli:simpli-ws (>=1.2.1 <=2.2.0) +735 more potentially affected by CVE-2019-7619 via org.elasticsearch:elasticsearch (>=7.0.0 <=7.3.2)
org.elasticsearch:elasticsearch MAVEN version =7.0.0, =j8.2.2.0, =1.2.1, =5.3.0, =5.6.5, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.2.0, =6.8.0, =6.4.0, =5.3.0, =5.3.0, =5.3.0, =5.3.0, =6.10.5 and more Source cves: CVE-2019-7619 Source advisory: OSV:GHSA-HXP8-R9G3-GRFR...
at.molindo:esi4j (>=0.3.0 <=1.0.1), be.thematchbox:AbstractRiver (=1.0.1) +301 more potentially affected by CVE-2014-3120 via org.elasticsearch:elasticsearch (>=0.6.0 <=1.4.0)
org.elasticsearch:elasticsearch MAVEN version =0.6.0, =0.3.0, =1.0.0, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.1PRE4, =0.0.1, =0.1.13, =0.1.1, =0.8.1, =0.1.0, =1.0, =1.0.0, =1.1.2, =1.8.0 and more Source cves: CVE-2014-3120 Source advisory: OSV:GHSA-MRFM-JXGF-2H6V...
cc.akkaha:asura-core_2.12 (>=0.1.0 <=0.3.0), ch.squaredesk.nova:metrics-elastic (>=4.0.0-beta-1 <=7.0.2) +324 more potentially affected by CVE-2018-3831 via org.elasticsearch:elasticsearch (>=6.0.0 <=6.4.0)
org.elasticsearch:elasticsearch MAVEN version =6.0.0, =0.1.0, =4.0.0-beta-1, =6.0.0, =6.1.1.0, =0.1.0-RC9, =5.0.3.9.6, =0.0.4, =0.1.1808, =1.0, =1.2 and more Source cves: CVE-2018-3831 Source advisory: OSV:GHSA-R9FV-QPM9-RJ4G...
Elasticsearch 5.0.0-5.6.10 and 6.0.0-6.3.2: Log4j CVE-2021-44228, CVE-2021-45046 remediation
Note — If you are not running Elasticsearch 5.0.0-5.6.10 or 6.0.0-6.3.2, these instructions do not apply. Please follow the guidance in themain announcement. Instructions for removing JndiLookup from the log4j-core JAR file These instructions only apply to users running Elasticsearch versions...
Elasticsearch versions before 7.10.0 and 6.8.14 have an information disclosure issue when audit logging and the emit_request_body option is enabled. The Elasticsearch audit log could contain sensitive information such as password hashes or authentication tokens. This could allow an Elasticsearch administrator to view these details.
...