Elasticsearch Document Ingest Vulnerability
CVE-2024-37280

4.9MEDIUM

Key Information:

Vendor: Elastic
Status: Elasticsearch
Vendor: CVE Published:; 13 June 2024

What is CVE-2024-37280?

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Affected Version(s)

Elasticsearch 8.13.1 <= 8.13.4

References

https://discuss.elastic.co/t/elasticsearch-8-14-0-securit...

CVSS V3.1

Score:

4.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 13, 2024
Vulnerability Reserved
Jun 5, 2024