Moderate severity · NVD Advisory · Published Jun 13, 2024 · Updated Aug 16, 2024
Elasticsearch StackOverflow vulnerability
CVE-2024-37280
Description
A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.elasticsearch:elasticsearch (Maven) | >= 8.13.1, < 8.14.0 | 8.14.0 |
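
An exposure check built from the advisory's two conditions (a version in the affected range above, and an index template containing a `passthrough`-typed mapping). This is an added example, not code from Elastic or from this advisory. It assumes the input is the JSON body returned by `GET /_index_template`; the function names and the sample templates are constructed, and mappings supplied through component templates would need the same walk.

```python
import json

AFFECTED_MIN = (8, 13, 1)   # inclusive lower bound from the advisory table
PATCHED = (8, 14, 0)        # first patched release, exclusive upper bound

def version_affected(version: str) -> bool:
    """True when version falls in the advisory range >= 8.13.1, < 8.14.0."""
    core = version.split("-", 1)[0]              # drop suffixes such as -SNAPSHOT
    parts = tuple(int(p) for p in core.split("."))
    return AFFECTED_MIN <= parts < PATCHED

def passthrough_paths(node, path):
    """Yield the path of every mapping object whose "type" is "passthrough"."""
    if isinstance(node, dict):
        if node.get("type") == "passthrough":
            yield path
        for key, value in node.items():
            yield from passthrough_paths(value, f"{path}/{key}")
    elif isinstance(node, list):                 # e.g. dynamic_templates entries
        for i, value in enumerate(node):
            yield from passthrough_paths(value, f"{path}/{i}")

def exposed_templates(version: str, templates_doc: dict) -> dict:
    """Map template name -> passthrough mapping paths; empty if version is unaffected."""
    if not version_affected(version):
        return {}
    hits = {}
    for entry in templates_doc.get("index_templates", []):
        template = entry.get("index_template", {}).get("template", {})
        found = list(passthrough_paths(template.get("mappings", {}), "mappings"))
        if found:
            hits[entry["name"]] = found
    return hits

# Constructed sample shaped like a GET /_index_template response body.
SAMPLE = json.loads("""
{"index_templates": [
  {"name": "metrics-constructed", "index_template": {"index_patterns": ["metrics-*"],
    "template": {"mappings": {"properties": {
      "attributes": {"type": "passthrough", "dynamic": true},
      "host": {"type": "keyword"}}}}}},
  {"name": "logs-constructed", "index_template": {"index_patterns": ["logs-*"],
    "template": {"mappings": {"properties": {"message": {"type": "text"}}}}}}
]}
""")

if __name__ == "__main__":
    print(exposed_templates("8.13.2", SAMPLE))
```
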
Affected products
25 entries. OSV coordinates (24 versions), none with a CPE:

| Package | Affected range |
|---|---|
| pkg:apk/chainguard/elasticsearch-8 | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-8-bitnami | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-8-config | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-8-iamguarded | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-config | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-fips-8 | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-fips-8-bitnami | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-fips-8-config | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-fips-8-policy-140-2 | < 8.14.1-r0 |
| pkg:apk/chainguard/elasticsearch-fips-8-policy-140-3 | < 8.14.1-r0 |
| pkg:apk/chainguard/sonarqube | < 25.10.0.114319-r0 |
| pkg:apk/chainguard/sonarqube-10 | < 25.3.0.104237-r0 |
| pkg:apk/chainguard/sonarqube-10-docker-compat | < 25.3.0.104237-r0 |
| pkg:apk/chainguard/sonarqube-10-scripts | < 25.3.0.104237-r0 |
| pkg:apk/chainguard/sonarqube-docker-compat | < 25.10.0.114319-r0 |
| pkg:apk/chainguard/sonarqube-scripts | < 25.10.0.114319-r0 |
| pkg:apk/wolfi/sonarqube | < 25.10.0.114319-r0 |
| pkg:apk/wolfi/sonarqube-10 | < 25.3.0.104237-r0 |
| pkg:apk/wolfi/sonarqube-10-docker-compat | < 25.3.0.104237-r0 |
| pkg:apk/wolfi/sonarqube-10-scripts | < 25.3.0.104237-r0 |
| pkg:apk/wolfi/sonarqube-docker-compat | < 25.10.0.114319-r0 |
| pkg:apk/wolfi/sonarqube-scripts | < 25.10.0.114319-r0 |
| pkg:bitnami/elasticsearch | >= 8.13.1, < 8.14.0 |
| pkg:maven/org.elasticsearch/elasticsearch | >= 8.13.1, < 8.14.0 |

- Range: 8.13.1