In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
CPE | Name | Operator | Version |
---|---|---|---|
elasticsearch | lt | 6.8.17 | |
elasticsearch | ge | 7.0.0 | |
elasticsearch | lt | 7.13.3 | |
communications_cloud_native_core_automated_test_suite | eq | 1.8.0 |