2 matches found
com.farcsal.dql:query-es (=0.8.0), com.github.msarhan:elasticsearch-analysis-arabic (>=1.2.0 <=1.4.0) +14 more potentially affected by CVE-2024-52980 via org.elasticsearch:elasticsearch-grok (>=8.10.0 <=8.15.0)
org.elasticsearch:elasticsearch-grok MAVEN version =8.10.0, =1.2.0, =0.83.0, =7.23.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0.0, =8.10.0, =8.14.2, =8.10.0, =8.10.0, =8.10.0, =1.7.es8114.0, =1.7.es8150.0 and more Source cves: CVE-2024-52980 Source advisory: SNYK:JAVA-ORGELASTICSEARCH-9679474...
UBUNTU-CVE-2024-52980
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. A successful attack requires a malicious user to have readpipeline Elasticsearch cluster privilege assigned to the...