CVE-2024-52979

State: PUBLISHED · Published: 2025-05-01 · Updated: 2025-05-01 · Assigner: elastic

Description

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

CWE

CWE-400 — CWE-400 Uncontrolled Resource Consumption

Affected

Elastic / Elasticsearch — v=7.17.0 <7.17.25 [affected]; v=8.0.0 <8.16.0 [affected]

CVSS

3.1 score=6.5 severity=MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References

https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709

Source

cvelistV5-main/cves/2024/52xxx/CVE-2024-52979.json