VYPR

App Search

by Elastic

CVEs (3)

  • CVE-2023-49923Dec 12, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered by Elastic whereby the Documents API of App Search logged the raw contents of indexed documents at INFO log level. Depending on the contents of such documents, this could lead to the insertion of sensitive or private information in the App Search logs.…

  • CVE-2021-22140May 13, 2021
    risk 0.00cvss epss 0.01

    Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse…

  • CVE-2020-7011Jun 3, 2020
    risk 0.00cvss epss 0.01

    Elastic App Search versions before 7.7.0 contain a cross site scripting (XSS) flaw when displaying document URLs in the Reference UI. If the Reference UI injects a URL into a result, that URL will be rendered by the web browser. If an attacker is able to control the contents of…