Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Remediation

References

https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708

https://www.elastic.co/community/security

Related Vulnerabilities

CVE-2018-14042 Vulnerability in maven package org.webjars.npm:bootstrap

CVE-2017-12632 Vulnerability in maven package org.apache.nifi:nifi

CVE-2023-32314 Vulnerability in maven package org.webjars.npm:vm2

CVE-2019-1003047 Vulnerability in maven package org.jenkins-ci.plugins:fortify-on-demand-uploader

CVE-2023-6394 Vulnerability in maven package io.quarkus:quarkus-smallrye-graphql-deployment

Severity

High

Classification

CWE-755 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Vendor Advisory