HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2023-31418

CVSS 7.5v3.1pub. 2023-10-26upd. 2024-11-21

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Elastic Cloud Enterprise

    APP
    Elastic
    3.6.0≤ 2.13.3
  • Elastic Elasticsearch

    APP
    Elastic
    ≤ 7.17.128.0.0 – 8.8.2
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2015-1427CRITICAL9.8⚠ KEVten sam produkt

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...

CVE-2025-37729CRITICAL9.1PL ✓ten sam produkt

Elastic Cloud Enterprise — Server-Side Template Injection (SSTI) w silniku Jinjava

CVE-2015-5377CRITICAL9.8ten sam produkt

Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving...

CVE-2014-3120HIGH8.1⚠ KEVten sam produkt

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers...

CVE-2025-37736HIGH8.8ten sam produkt

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonl...