Opensearch@* Security Vulnerabilities and Issues — Opensearch@* CVE List

Lucene search

AmazonOpensearch*

3 matches found

CVE•added 2022/06/30 10:15 p.m.•114 views

CVE-2022-31115

opensearch-ruby is a community-driven, open source fork of elasticsearch-ruby. In versions prior to 2.0.1 the ruby YAML.load function was used instead of YAML.safe_load. As a result opensearch-ruby 2.0.0 and prior can lead to unsafe deserialization using YAML.load if the response is of type YAML. A...

8.8CVSS8.7AI score0.00495EPSS

CVE•added 2022/11/16 12:15 a.m.•75 views

CVE-2022-41917

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. OpenSearch allows users to specify a local file when defining text analyzers to process data for text analysis. An issue in the implementation of this feature allows certain specially crafted queries to return a respons...

4.3CVSS4.4AI score0.00078EPSS

CVE•added 2022/11/15 11:15 p.m.•63 views

CVE-2022-41918

OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. There is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the indices that back data streams...

6.3CVSS6.3AI score0.00037EPSS