4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%
org.elasticsearch:elasticsearch is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of deeply nested pipelines during document processing which can cause the Elasticsearch node to crash, resulting in Denial Of Service.
discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314
github.com/advisories/GHSA-w5gg-2q56-6h4f
github.com/elastic/elasticsearch/commit/874a1dc991881ae39febabc3fd4a108a1f316f3b
github.com/elastic/elasticsearch/commit/f0ec29438209792ba5e7d1f24aa5a8bd6d908a6a
security.netapp.com/advisory/ntap-20240517-0010/
www.elastic.co/community/security
4.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
6.7 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.7%