CVE-2024-43709 – org.elasticsearch:elasticsearch
Package
Manager: maven
Name: org.elasticsearch:elasticsearch
Vulnerable Version: >=0 <7.17.21 || >=8.0.0 <8.13.3
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00184 (percentile: 0.40393)
Details
Elasticsearch allocation of resources without limits or throttling leads to crash
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
Metadata
Created: 2025-01-21T12:30:47Z
Modified: 2025-02-21T21:01:32Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2025/01/GHSA-jgx4-7v3v-vwfm/GHSA-jgx4-7v3v-vwfm.json
CWE IDs: ["CWE-770"]
Alternative ID: GHSA-jgx4-7v3v-vwfm
Finding: F067
Auto approve: 1