Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.elasticsearch/elasticsearch@8.2.1
Typemaven
Namespaceorg.elasticsearch
Nameelasticsearch
Version8.2.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.19.8
Latest_non_vulnerable_version9.2.2
Affected_by_vulnerabilities
0
url VCID-7me3-yqqg-8ybn
vulnerability_id VCID-7me3-yqqg-8ybn
summary Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52979
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15868
published_at 2026-06-12T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.1573
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52979
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
4
reference_url https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
5
reference_url https://github.com/elastic/elasticsearch/pull/114002
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/pull/114002
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52979
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52979
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2363312
reference_id 2363312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2363312
8
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
reference_id 377709
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T13:25:38Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
9
reference_url https://github.com/advisories/GHSA-mm3m-5497-xggg
reference_id GHSA-mm3m-5497-xggg
reference_type
scores
url https://github.com/advisories/GHSA-mm3m-5497-xggg
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.16.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
1
vulnerability VCID-n2wb-9npe-v3gk
2
vulnerability VCID-vurm-1zz2-fqbm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.16.0
aliases CVE-2024-52979, GHSA-mm3m-5497-xggg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7me3-yqqg-8ybn
1
url VCID-g3pj-t279-1fbx
vulnerability_id VCID-g3pj-t279-1fbx
summary Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-37731
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11792
published_at 2026-06-11T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11875
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-37731
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
4
reference_url https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
5
reference_url https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2422248
reference_id 2422248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2422248
7
reference_url https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
reference_id 384063
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-16T04:56:03Z/
url https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-37731
reference_id CVE-2025-37731
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-37731
9
reference_url https://github.com/advisories/GHSA-m9gh-789g-q5pv
reference_id GHSA-m9gh-789g-q5pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9gh-789g-q5pv
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.19.8
purl pkg:maven/org.elasticsearch/elasticsearch@8.19.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.8
1
url pkg:maven/org.elasticsearch/elasticsearch@9.1.8
purl pkg:maven/org.elasticsearch/elasticsearch@9.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.8
2
url pkg:maven/org.elasticsearch/elasticsearch@9.2.2
purl pkg:maven/org.elasticsearch/elasticsearch@9.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.2.2
aliases CVE-2025-37731, GHSA-m9gh-789g-q5pv
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pj-t279-1fbx
2
url VCID-hd3x-5s2r-kqgq
vulnerability_id VCID-hd3x-5s2r-kqgq
summary An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43709.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43709.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-43709
reference_id
reference_type
scores
0
value 0.00944
scoring_system epss
scoring_elements 0.76807
published_at 2026-06-12T12:55:00Z
1
value 0.00944
scoring_system epss
scoring_elements 0.76737
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-43709
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-43709
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-43709
4
reference_url https://security.netapp.com/advisory/ntap-20250221-0007
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20250221-0007
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2339113
reference_id 2339113
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2339113
6
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442
reference_id 373442
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T16:27:32Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442
7
reference_url https://github.com/advisories/GHSA-jgx4-7v3v-vwfm
reference_id GHSA-jgx4-7v3v-vwfm
reference_type
scores
url https://github.com/advisories/GHSA-jgx4-7v3v-vwfm
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.13.3
purl pkg:maven/org.elasticsearch/elasticsearch@8.13.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-15z2-k1jk-eufc
1
vulnerability VCID-7me3-yqqg-8ybn
2
vulnerability VCID-g3pj-t279-1fbx
3
vulnerability VCID-kb8w-uxwq-byhk
4
vulnerability VCID-n2wb-9npe-v3gk
5
vulnerability VCID-t1am-32ae-xqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.13.3
aliases CVE-2024-43709, GHSA-jgx4-7v3v-vwfm
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd3x-5s2r-kqgq
3
url VCID-hg6b-q99h-cfgh
vulnerability_id VCID-hg6b-q99h-cfgh
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46673.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46673.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-46673
reference_id
reference_type
scores
0
value 0.00458
scoring_system epss
scoring_elements 0.64534
published_at 2026-06-12T12:55:00Z
1
value 0.00458
scoring_system epss
scoring_elements 0.64432
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-46673
2
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-46673
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-46673
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2251123
reference_id 2251123
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2251123
6
reference_url https://github.com/advisories/GHSA-285m-vhfq-xx4h
reference_id GHSA-285m-vhfq-xx4h
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-285m-vhfq-xx4h
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.10.3
purl pkg:maven/org.elasticsearch/elasticsearch@8.10.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-678j-hy42-g3h9
1
vulnerability VCID-7me3-yqqg-8ybn
2
vulnerability VCID-g3pj-t279-1fbx
3
vulnerability VCID-hd3x-5s2r-kqgq
4
vulnerability VCID-kb8w-uxwq-byhk
5
vulnerability VCID-n2wb-9npe-v3gk
6
vulnerability VCID-t1am-32ae-xqb4
7
vulnerability VCID-tbv9-8xna-5qay
8
vulnerability VCID-w7u5-rf5p-tydz
9
vulnerability VCID-wxj4-x2pn-ykeb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.10.3
aliases CVE-2023-46673, GHSA-285m-vhfq-xx4h
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hg6b-q99h-cfgh
4
url VCID-hj68-jbcs-xbe1
vulnerability_id VCID-hj68-jbcs-xbe1
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31417.json
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31417.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31417
reference_id
reference_type
scores
0
value 0.0006
scoring_system epss
scoring_elements 0.18961
published_at 2026-06-11T12:55:00Z
1
value 0.0006
scoring_system epss
scoring_elements 0.19127
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31417
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-8-9-2-and-7-17-13-security-update/342479
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31417
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31417
4
reference_url https://security.netapp.com/advisory/ntap-20231130-0006
reference_id
reference_type
scores
0
value 4.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231130-0006
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2237927
reference_id 2237927
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2237927
6
reference_url https://github.com/advisories/GHSA-99pc-69q9-jxf2
reference_id GHSA-99pc-69q9-jxf2
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-99pc-69q9-jxf2
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.9.2
purl pkg:maven/org.elasticsearch/elasticsearch@8.9.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-hd3x-5s2r-kqgq
3
vulnerability VCID-hg6b-q99h-cfgh
4
vulnerability VCID-kb8w-uxwq-byhk
5
vulnerability VCID-n2wb-9npe-v3gk
6
vulnerability VCID-t1am-32ae-xqb4
7
vulnerability VCID-tbv9-8xna-5qay
8
vulnerability VCID-w7u5-rf5p-tydz
9
vulnerability VCID-wxj4-x2pn-ykeb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.2
aliases CVE-2023-31417, GHSA-99pc-69q9-jxf2
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj68-jbcs-xbe1
5
url VCID-kb8w-uxwq-byhk
vulnerability_id VCID-kb8w-uxwq-byhk
summary 
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.

A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52980
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33341
published_at 2026-06-11T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33524
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52980
1
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
2
reference_url https://github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5
3
reference_url https://github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52980
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52980
5
reference_url https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919
reference_id 376919
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T19:59:32Z/
url https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919
6
reference_url https://github.com/advisories/GHSA-ghfh-p92w-j4mg
reference_id GHSA-ghfh-p92w-j4mg
reference_type
scores
url https://github.com/advisories/GHSA-ghfh-p92w-j4mg
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.15.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-n2wb-9npe-v3gk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.15.1
aliases CVE-2024-52980, GHSA-ghfh-p92w-j4mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kb8w-uxwq-byhk
6
url VCID-n2wb-9npe-v3gk
vulnerability_id VCID-n2wb-9npe-v3gk
summary Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-37727
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.05475
published_at 2026-06-11T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.055
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-37727
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
4
reference_url https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403034
reference_id 2403034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403034
6
reference_url https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
reference_id 382453
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:34:28Z/
url https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-37727
reference_id CVE-2025-37727
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-37727
8
reference_url https://github.com/advisories/GHSA-56r7-h6mw-rcfv
reference_id GHSA-56r7-h6mw-rcfv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56r7-h6mw-rcfv
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.18.8
purl pkg:maven/org.elasticsearch/elasticsearch@8.18.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.18.8
1
url pkg:maven/org.elasticsearch/elasticsearch@8.19.5
purl pkg:maven/org.elasticsearch/elasticsearch@8.19.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.5
2
url pkg:maven/org.elasticsearch/elasticsearch@9.0.8
purl pkg:maven/org.elasticsearch/elasticsearch@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.0.8
3
url pkg:maven/org.elasticsearch/elasticsearch@9.1.5
purl pkg:maven/org.elasticsearch/elasticsearch@9.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.5
aliases CVE-2025-37727, GHSA-56r7-h6mw-rcfv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2wb-9npe-v3gk
7
url VCID-sqsc-r55f-rbbc
vulnerability_id VCID-sqsc-r55f-rbbc
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31418.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31418.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31418
reference_id
reference_type
scores
0
value 0.00762
scoring_system epss
scoring_elements 0.73889
published_at 2026-06-12T12:55:00Z
1
value 0.00762
scoring_system epss
scoring_elements 0.73815
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31418
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31418
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31418
5
reference_url https://security.netapp.com/advisory/ntap-20231130-0005
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231130-0005
6
reference_url https://security.netapp.com/advisory/ntap-20231130-0005/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231130-0005/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246938
reference_id 2246938
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246938
8
reference_url https://github.com/advisories/GHSA-2cqf-6xv9-f22w
reference_id GHSA-2cqf-6xv9-f22w
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2cqf-6xv9-f22w
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.9.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-hd3x-5s2r-kqgq
3
vulnerability VCID-hg6b-q99h-cfgh
4
vulnerability VCID-hj68-jbcs-xbe1
5
vulnerability VCID-kb8w-uxwq-byhk
6
vulnerability VCID-n2wb-9npe-v3gk
7
vulnerability VCID-sz13-7mtg-9uf4
8
vulnerability VCID-t1am-32ae-xqb4
9
vulnerability VCID-tbv9-8xna-5qay
10
vulnerability VCID-w7u5-rf5p-tydz
11
vulnerability VCID-wxj4-x2pn-ykeb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.0
aliases CVE-2023-31418, GHSA-2cqf-6xv9-f22w
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqsc-r55f-rbbc
8
url VCID-sz13-7mtg-9uf4
vulnerability_id VCID-sz13-7mtg-9uf4
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31419.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31419.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-31419
reference_id
reference_type
scores
0
value 0.35125
scoring_system epss
scoring_elements 0.97149
published_at 2026-06-12T12:55:00Z
1
value 0.35125
scoring_system epss
scoring_elements 0.97142
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-31419
2
reference_url https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elasticsearch-8-9-1-7-17-13-security-update/343297
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-31419
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-31419
4
reference_url https://security.netapp.com/advisory/ntap-20231116-0010
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20231116-0010
5
reference_url https://security.netapp.com/advisory/ntap-20231116-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20231116-0010/
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2246940
reference_id 2246940
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2246940
7
reference_url https://github.com/advisories/GHSA-qwrx-45xf-jjf7
reference_id GHSA-qwrx-45xf-jjf7
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-qwrx-45xf-jjf7
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.9.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.9.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-hd3x-5s2r-kqgq
3
vulnerability VCID-hg6b-q99h-cfgh
4
vulnerability VCID-hj68-jbcs-xbe1
5
vulnerability VCID-kb8w-uxwq-byhk
6
vulnerability VCID-n2wb-9npe-v3gk
7
vulnerability VCID-t1am-32ae-xqb4
8
vulnerability VCID-tbv9-8xna-5qay
9
vulnerability VCID-w7u5-rf5p-tydz
10
vulnerability VCID-wxj4-x2pn-ykeb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.1
aliases CVE-2023-31419, GHSA-qwrx-45xf-jjf7
risk_score 3.4
exploitability 0.5
weighted_severity 6.8
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sz13-7mtg-9uf4
9
url VCID-t1am-32ae-xqb4
vulnerability_id VCID-t1am-32ae-xqb4
summary An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52981
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.25802
published_at 2026-06-11T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.26003
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52981
1
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
2
reference_url https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495
3
reference_url https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c
4
reference_url https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52981
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52981
6
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924
reference_id 376924
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T19:58:40Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924
7
reference_url https://github.com/advisories/GHSA-5xm9-x7x4-4j5x
reference_id GHSA-5xm9-x7x4-4j5x
reference_type
scores
url https://github.com/advisories/GHSA-5xm9-x7x4-4j5x
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.15.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-n2wb-9npe-v3gk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.15.1
aliases CVE-2024-52981, GHSA-5xm9-x7x4-4j5x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1am-32ae-xqb4
10
url VCID-tbv9-8xna-5qay
vulnerability_id VCID-tbv9-8xna-5qay
summary A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23450.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23450.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23450
reference_id
reference_type
scores
0
value 0.01035
scoring_system epss
scoring_elements 0.778
published_at 2026-06-11T12:55:00Z
1
value 0.01035
scoring_system epss
scoring_elements 0.77868
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23450
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://security.netapp.com/advisory/ntap-20240517-0010
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20240517-0010
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2271933
reference_id 2271933
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2271933
5
reference_url https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314
reference_id 356314
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T01:36:22Z/
url https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23450
reference_id CVE-2024-23450
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-23450
7
reference_url https://github.com/advisories/GHSA-w5gg-2q56-6h4f
reference_id GHSA-w5gg-2q56-6h4f
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-w5gg-2q56-6h4f
8
reference_url https://security.netapp.com/advisory/ntap-20240517-0010/
reference_id ntap-20240517-0010
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T01:36:22Z/
url https://security.netapp.com/advisory/ntap-20240517-0010/
9
reference_url https://www.elastic.co/community/security
reference_id security
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-16T01:36:22Z/
url https://www.elastic.co/community/security
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.13.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.13.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-hd3x-5s2r-kqgq
3
vulnerability VCID-kb8w-uxwq-byhk
4
vulnerability VCID-n2wb-9npe-v3gk
5
vulnerability VCID-t1am-32ae-xqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.13.0
aliases CVE-2024-23450, GHSA-w5gg-2q56-6h4f
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tbv9-8xna-5qay
11
url VCID-wxj4-x2pn-ykeb
vulnerability_id VCID-wxj4-x2pn-ykeb
summary An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49921.json
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49921.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-49921
reference_id
reference_type
scores
0
value 0.00701
scoring_system epss
scoring_elements 0.72497
published_at 2026-06-11T12:55:00Z
1
value 0.00701
scoring_system epss
scoring_elements 0.72575
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-49921
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2254251
reference_id 2254251
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2254251
4
reference_url https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179
reference_id 349179
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T13:47:02Z/
url https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-49921
reference_id CVE-2023-49921
reference_type
scores
0
value 5.2
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
1
value 4.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-49921
6
reference_url https://github.com/advisories/GHSA-2hjr-vmf3-xwvp
reference_id GHSA-2hjr-vmf3-xwvp
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-2hjr-vmf3-xwvp
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.11.2
purl pkg:maven/org.elasticsearch/elasticsearch@8.11.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-678j-hy42-g3h9
1
vulnerability VCID-7me3-yqqg-8ybn
2
vulnerability VCID-g3pj-t279-1fbx
3
vulnerability VCID-hd3x-5s2r-kqgq
4
vulnerability VCID-kb8w-uxwq-byhk
5
vulnerability VCID-n2wb-9npe-v3gk
6
vulnerability VCID-t1am-32ae-xqb4
7
vulnerability VCID-tbv9-8xna-5qay
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.11.2
aliases CVE-2023-49921, GHSA-2hjr-vmf3-xwvp
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxj4-x2pn-ykeb
Fixing_vulnerabilities
0
url VCID-66t7-7qkb-fffz
vulnerability_id VCID-66t7-7qkb-fffz
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23712.json
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-23712.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-23712
reference_id
reference_type
scores
0
value 0.03234
scoring_system epss
scoring_elements 0.87406
published_at 2026-06-12T12:55:00Z
1
value 0.03234
scoring_system epss
scoring_elements 0.87361
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-23712
2
reference_url https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530
3
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
4
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
5
reference_url https://security.netapp.com/advisory/ntap-20220707-0010
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://security.netapp.com/advisory/ntap-20220707-0010
6
reference_url https://security.netapp.com/advisory/ntap-20220707-0010/
reference_id
reference_type
scores
url https://security.netapp.com/advisory/ntap-20220707-0010/
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2094515
reference_id 2094515
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2094515
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-23712
reference_id CVE-2022-23712
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-23712
9
reference_url https://github.com/advisories/GHSA-wh6w-69xc-5rq5
reference_id GHSA-wh6w-69xc-5rq5
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-wh6w-69xc-5rq5
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.2.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-hd3x-5s2r-kqgq
3
vulnerability VCID-hg6b-q99h-cfgh
4
vulnerability VCID-hj68-jbcs-xbe1
5
vulnerability VCID-kb8w-uxwq-byhk
6
vulnerability VCID-n2wb-9npe-v3gk
7
vulnerability VCID-sqsc-r55f-rbbc
8
vulnerability VCID-sz13-7mtg-9uf4
9
vulnerability VCID-t1am-32ae-xqb4
10
vulnerability VCID-tbv9-8xna-5qay
11
vulnerability VCID-wxj4-x2pn-ykeb
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.2.1
aliases CVE-2022-23712, GHSA-wh6w-69xc-5rq5
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-66t7-7qkb-fffz
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.2.1