CVE-2023-46673 – org.elasticsearch:elasticsearch

Package

Manager: maven
Name: org.elasticsearch:elasticsearch
Vulnerable Version: >=7.0.0 <7.17.14 || >=8.0.0 <8.10.3

Severity

Level: Medium

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

EPSS: 0.00421 pctl0.61227

Details

Elasticsearch Improper Handling of Exceptional Conditions It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Metadata

Created: 2023-11-22T12:30:26Z
Modified: 2023-11-22T20:57:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/11/GHSA-285m-vhfq-xx4h/GHSA-285m-vhfq-xx4h.json
CWE IDs: ["CWE-755"]
Alternative ID: GHSA-285m-vhfq-xx4h
Finding: F096
Auto approve: 1