Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:maven/org.elasticsearch/elasticsearch@8.14.0
Typemaven
Namespaceorg.elasticsearch
Nameelasticsearch
Version8.14.0
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version8.19.8
Latest_non_vulnerable_version9.2.2
Affected_by_vulnerabilities
0
url VCID-7me3-yqqg-8ybn
vulnerability_id VCID-7me3-yqqg-8ybn
summary Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json
reference_id
reference_type
scores
0
value 4.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52979
reference_id
reference_type
scores
0
value 0.00049
scoring_system epss
scoring_elements 0.15868
published_at 2026-06-12T12:55:00Z
1
value 0.00049
scoring_system epss
scoring_elements 0.15846
published_at 2026-06-14T12:55:00Z
2
value 0.00049
scoring_system epss
scoring_elements 0.1573
published_at 2026-06-11T12:55:00Z
3
value 0.00049
scoring_system epss
scoring_elements 0.15878
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52979
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
4
reference_url https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
5
reference_url https://github.com/elastic/elasticsearch/pull/114002
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/pull/114002
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52979
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52979
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2363312
reference_id 2363312
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2363312
8
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
reference_id 377709
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T13:25:38Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
9
reference_url https://github.com/advisories/GHSA-mm3m-5497-xggg
reference_id GHSA-mm3m-5497-xggg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mm3m-5497-xggg
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.16.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.16.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
1
vulnerability VCID-n2wb-9npe-v3gk
2
vulnerability VCID-vurm-1zz2-fqbm
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.16.0
aliases CVE-2024-52979, GHSA-mm3m-5497-xggg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7me3-yqqg-8ybn
1
url VCID-g3pj-t279-1fbx
vulnerability_id VCID-g3pj-t279-1fbx
summary Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
reference_id
reference_type
scores
0
value 7.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-37731
reference_id
reference_type
scores
0
value 0.00038
scoring_system epss
scoring_elements 0.11851
published_at 2026-06-14T12:55:00Z
1
value 0.00038
scoring_system epss
scoring_elements 0.11875
published_at 2026-06-13T12:55:00Z
2
value 0.00038
scoring_system epss
scoring_elements 0.11792
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-37731
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f
4
reference_url https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983
5
reference_url https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
reference_id
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23
6
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2422248
reference_id 2422248
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2422248
7
reference_url https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
reference_id 384063
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-16T04:56:03Z/
url https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-37731
reference_id CVE-2025-37731
reference_type
scores
0
value 6.8
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-37731
9
reference_url https://github.com/advisories/GHSA-m9gh-789g-q5pv
reference_id GHSA-m9gh-789g-q5pv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-m9gh-789g-q5pv
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.19.8
purl pkg:maven/org.elasticsearch/elasticsearch@8.19.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.8
1
url pkg:maven/org.elasticsearch/elasticsearch@9.1.8
purl pkg:maven/org.elasticsearch/elasticsearch@9.1.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.8
2
url pkg:maven/org.elasticsearch/elasticsearch@9.2.2
purl pkg:maven/org.elasticsearch/elasticsearch@9.2.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.2.2
aliases CVE-2025-37731, GHSA-m9gh-789g-q5pv
risk_score 3.4
exploitability 0.5
weighted_severity 6.7
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pj-t279-1fbx
2
url VCID-kb8w-uxwq-byhk
vulnerability_id VCID-kb8w-uxwq-byhk
summary 
A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.

A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52980
reference_id
reference_type
scores
0
value 0.00136
scoring_system epss
scoring_elements 0.33524
published_at 2026-06-12T12:55:00Z
1
value 0.00136
scoring_system epss
scoring_elements 0.33519
published_at 2026-06-14T12:55:00Z
2
value 0.00136
scoring_system epss
scoring_elements 0.33341
published_at 2026-06-11T12:55:00Z
3
value 0.00136
scoring_system epss
scoring_elements 0.33545
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52980
1
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
2
reference_url https://github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5
3
reference_url https://github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267
4
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52980
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52980
5
reference_url https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919
reference_id 376919
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T19:59:32Z/
url https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919
6
reference_url https://github.com/advisories/GHSA-ghfh-p92w-j4mg
reference_id GHSA-ghfh-p92w-j4mg
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-ghfh-p92w-j4mg
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.15.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-n2wb-9npe-v3gk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.15.1
aliases CVE-2024-52980, GHSA-ghfh-p92w-j4mg
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kb8w-uxwq-byhk
3
url VCID-n2wb-9npe-v3gk
vulnerability_id VCID-n2wb-9npe-v3gk
summary Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-37727
reference_id
reference_type
scores
0
value 0.00019
scoring_system epss
scoring_elements 0.055
published_at 2026-06-12T12:55:00Z
1
value 0.00019
scoring_system epss
scoring_elements 0.05487
published_at 2026-06-14T12:55:00Z
2
value 0.00019
scoring_system epss
scoring_elements 0.05495
published_at 2026-06-13T12:55:00Z
3
value 0.00019
scoring_system epss
scoring_elements 0.05475
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-37727
2
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
3
reference_url https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db
4
reference_url https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
reference_id
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html
5
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2403034
reference_id 2403034
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2403034
6
reference_url https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
reference_id 382453
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:34:28Z/
url https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-37727
reference_id CVE-2025-37727
reference_type
scores
0
value 5.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-37727
8
reference_url https://github.com/advisories/GHSA-56r7-h6mw-rcfv
reference_id GHSA-56r7-h6mw-rcfv
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-56r7-h6mw-rcfv
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.18.8
purl pkg:maven/org.elasticsearch/elasticsearch@8.18.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.18.8
1
url pkg:maven/org.elasticsearch/elasticsearch@8.19.5
purl pkg:maven/org.elasticsearch/elasticsearch@8.19.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.5
2
url pkg:maven/org.elasticsearch/elasticsearch@9.0.8
purl pkg:maven/org.elasticsearch/elasticsearch@9.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.0.8
3
url pkg:maven/org.elasticsearch/elasticsearch@9.1.5
purl pkg:maven/org.elasticsearch/elasticsearch@9.1.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-g3pj-t279-1fbx
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.5
aliases CVE-2025-37727, GHSA-56r7-h6mw-rcfv
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2wb-9npe-v3gk
4
url VCID-t1am-32ae-xqb4
vulnerability_id VCID-t1am-32ae-xqb4
summary An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52981
reference_id
reference_type
scores
0
value 0.00092
scoring_system epss
scoring_elements 0.26003
published_at 2026-06-12T12:55:00Z
1
value 0.00092
scoring_system epss
scoring_elements 0.26004
published_at 2026-06-14T12:55:00Z
2
value 0.00092
scoring_system epss
scoring_elements 0.25802
published_at 2026-06-11T12:55:00Z
3
value 0.00092
scoring_system epss
scoring_elements 0.26018
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52981
1
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
2
reference_url https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495
3
reference_url https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c
4
reference_url https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52981
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52981
6
reference_url https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924
reference_id 376924
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T19:58:40Z/
url https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924
7
reference_url https://github.com/advisories/GHSA-5xm9-x7x4-4j5x
reference_id GHSA-5xm9-x7x4-4j5x
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-5xm9-x7x4-4j5x
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.15.1
purl pkg:maven/org.elasticsearch/elasticsearch@8.15.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-n2wb-9npe-v3gk
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.15.1
aliases CVE-2024-52981, GHSA-5xm9-x7x4-4j5x
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1am-32ae-xqb4
Fixing_vulnerabilities
0
url VCID-15z2-k1jk-eufc
vulnerability_id VCID-15z2-k1jk-eufc
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37280.json
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-37280.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37280
reference_id
reference_type
scores
0
value 0.00349
scoring_system epss
scoring_elements 0.57874
published_at 2026-06-12T12:55:00Z
1
value 0.00349
scoring_system epss
scoring_elements 0.5788
published_at 2026-06-14T12:55:00Z
2
value 0.00349
scoring_system epss
scoring_elements 0.57762
published_at 2026-06-11T12:55:00Z
3
value 0.00349
scoring_system epss
scoring_elements 0.5789
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37280
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://github.com/elastic/elasticsearch
reference_id
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/elastic/elasticsearch
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2290834
reference_id 2290834
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2290834
5
reference_url https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007
reference_id 361007
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-13T21:15:50Z/
url https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37280
reference_id CVE-2024-37280
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37280
7
reference_url https://github.com/advisories/GHSA-4q22-422g-m4pj
reference_id GHSA-4q22-422g-m4pj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4q22-422g-m4pj
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.14.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-kb8w-uxwq-byhk
3
vulnerability VCID-n2wb-9npe-v3gk
4
vulnerability VCID-t1am-32ae-xqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.14.0
aliases CVE-2024-37280, GHSA-4q22-422g-m4pj
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-15z2-k1jk-eufc
1
url VCID-62kp-8rjr-c3ef
vulnerability_id VCID-62kp-8rjr-c3ef
summary
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23445.json
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-23445.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-23445
reference_id
reference_type
scores
0
value 0.00206
scoring_system epss
scoring_elements 0.4319
published_at 2026-06-14T12:55:00Z
1
value 0.00206
scoring_system epss
scoring_elements 0.43021
published_at 2026-06-11T12:55:00Z
2
value 0.00206
scoring_system epss
scoring_elements 0.4318
published_at 2026-06-12T12:55:00Z
3
value 0.00206
scoring_system epss
scoring_elements 0.43199
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-23445
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
3
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2290705
reference_id 2290705
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2290705
4
reference_url https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-13/360898
reference_id 360898
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-06-12T19:25:42Z/
url https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-13/360898
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-23445
reference_id CVE-2024-23445
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2024-23445
6
reference_url https://github.com/advisories/GHSA-4c7q-m7hc-pc92
reference_id GHSA-4c7q-m7hc-pc92
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4c7q-m7hc-pc92
fixed_packages
0
url pkg:maven/org.elasticsearch/elasticsearch@8.14.0
purl pkg:maven/org.elasticsearch/elasticsearch@8.14.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-7me3-yqqg-8ybn
1
vulnerability VCID-g3pj-t279-1fbx
2
vulnerability VCID-kb8w-uxwq-byhk
3
vulnerability VCID-n2wb-9npe-v3gk
4
vulnerability VCID-t1am-32ae-xqb4
resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.14.0
aliases CVE-2024-23445, GHSA-4c7q-m7hc-pc92
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-62kp-8rjr-c3ef
Risk_score3.4
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.14.0