Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Remediation

References

https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2017-7669 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2023-37908 Vulnerability in maven package org.xwiki.rendering:xwiki-rendering-xml

CVE-2019-10316 Vulnerability in maven package org.jenkins-ci.plugins:aqua-microscanner

CVE-2023-49373 Vulnerability in maven package com.jfinal:jfinal

CVE-2018-1321 Vulnerability in maven package org.apache.syncope:syncope-core

Severity

High

Classification

CWE-755 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory