Elasticsearch Uncontrolled Resource Consumption vulnerability - CVE-2024-23450 (dpkg)ID: oval:org.secpod.oval:def:98796 | Date: (C)2024-04-02 (M)2024-06-10 |
Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch 7.x before 7.17.19 or 8.x before 8.13.0 and is prone to an uncontrolled Resource Consumption vulnerability. A flaw is present in the application, which fails to properly handle processing of document in a deeply nested pipeline on an ingest node. Successful exploitation could cause the Elasticsearch node to crash.