Uncontrolled Recursion
Overview: Affected versions of this package are vulnerable to Uncontrolled Recursion via query string processing. An attacker can exhaust system resources and disrupt service availability by submitting excessively long Boolean or disjunction queries. PoC: GET search "query": "querystring":...
Upgrade OpenSearch to 1.3.7 to mitigate CVE-2022-42889
In BSERV-13534, commons-text usages in the Bitbucket Webapp were upgraded to mitigate CVE-2022-42889, although the Bitbucket Webapp itself was not affected. The bundled OpenSearch should also be updated to 1.3.7 when it is released. The release date is currently scheduled for 13-Dec-2022:...
OpenSearch -- Log4Shell
OpenSearch reports: CVE-2021-45046 was issued shortly following the release of OpenSearch 1.2.1. This new CVE advises upgrading from Log4j 2.15.0 used in OpenSearch 1.2.1 to Log4j 2.16.0. Out of an abundance of caution, the team is releasing OpenSearch 1.2.2 which includes Log4j 2.16.0. While the...