CVE-2024-52979 | THREATINT

Description

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

PUBLISHED Reserved 2024-11-18 | Published 2025-05-01 | Updated 2025-05-01 | Assigner elastic

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-400 Uncontrolled Resource Consumption

Product status

Default status

unaffected

7.17.0 (semver) before 7.17.25

affected

8.0.0 (semver) before 8.16.0

affected

References

discuss.elastic.co/...6-0-security-update-esa-2024-40/377709

cve.org (CVE-2024-52979)

nvd.nist.gov (CVE-2024-52979)

Download JSON