Moderate severity · NVD Advisory · Published Apr 8, 2025 · Updated Apr 8, 2025
Elasticsearch Uncontrolled Resource Consumption vulnerability
CVE-2024-52980
Description
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.
A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| org.elasticsearch:elasticsearch (Maven) | >= 7.17.0, < 8.15.1 | 8.15.1 |
Affected products
- osv-coords, 4 versions (< 7.17.29-r11 and 3 more):
  - pkg:apk/chainguard/elasticsearch-7
  - pkg:apk/chainguard/elasticsearch-7-iamguarded
  - pkg:bitnami/elasticsearch
  - pkg:maven/org.elasticsearch/elasticsearch
- (no CPE) range: < 7.17.29-r11
- (no CPE) range: < 7.17.29-r11
- (no CPE) range: >= 7.17.0, < 8.15.1
- (no CPE) range: >= 7.17.0, < 8.15.1
- Range: 7.17.0
References
- github.com/advisories/GHSA-ghfh-p92w-j4mg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-52980 (ghsa, ADVISORY)
- discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919 (ghsa, WEB)
- github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5 (ghsa, WEB)
- github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267 (ghsa, WEB)