Uncontrolled Recursion Vulnerability in Elasticsearch Grok Parser
CVE-2021-22144

6.5MEDIUM

Key Information:

Vendor: Elastic
Status: Elasticsearch
Vendor: CVE Published:; 26 July 2021

What is CVE-2021-22144?

In Elasticsearch, an uncontrolled recursion vulnerability was discovered in the Grok parser present in versions prior to 7.13.3 and 6.8.17. This flaw allows a malicious actor, capable of submitting arbitrary queries, to construct a specially crafted Grok query that could trigger a denial of service by crashing the Elasticsearch node. It is crucial for users of affected versions to apply the relevant updates to mitigate this risk.