Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.elasticsearch/elasticsearch@8.18.8

Type maven

Namespace org.elasticsearch

Name elasticsearch

Version 8.18.8

Qualifiers

Subpath

Is_vulnerable false

Next_non_vulnerable_version 8.19.5

Latest_non_vulnerable_version 9.2.2

Affected_by_vulnerabilities

Fixing_vulnerabilities

url VCID-2dh7-uz4v-m7by

vulnerability_id VCID-2dh7-uz4v-m7by

summary

Elasticsearch: Insertion of Sensitive Information into Log File via reindex API
Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the  reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json

reference_url

https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db

reference_url

https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403034
reference_id	2403034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403034

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-37727

reference_id

CVE-2025-37727

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-37727

reference_url	https://github.com/advisories/GHSA-56r7-h6mw-rcfv
reference_id	GHSA-56r7-h6mw-rcfv
reference_type
scores
url	https://github.com/advisories/GHSA-56r7-h6mw-rcfv

fixed_packages

url	pkg:maven/org.elasticsearch/elasticsearch@8.18.8
purl	pkg:maven/org.elasticsearch/elasticsearch@8.18.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.18.8

url	pkg:maven/org.elasticsearch/elasticsearch@8.19.5
purl	pkg:maven/org.elasticsearch/elasticsearch@8.19.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.5

url	pkg:maven/org.elasticsearch/elasticsearch@9.0.8
purl	pkg:maven/org.elasticsearch/elasticsearch@9.0.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.0.8

url	pkg:maven/org.elasticsearch/elasticsearch@9.1.5
purl	pkg:maven/org.elasticsearch/elasticsearch@9.1.5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.5

aliases CVE-2025-37727, GHSA-56r7-h6mw-rcfv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2dh7-uz4v-m7by

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.18.8

Package Instance