Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.elasticsearch/elasticsearch@8.0.0-alpha1

Type maven

Namespace org.elasticsearch

Name elasticsearch

Version 8.0.0-alpha1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.19.8

Latest_non_vulnerable_version 9.2.2

Affected_by_vulnerabilities

url VCID-7me3-yqqg-8ybn

vulnerability_id VCID-7me3-yqqg-8ybn

summary Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52979

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.1573
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52979

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91

reference_url

https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf

reference_url

https://github.com/elastic/elasticsearch/pull/114002

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/pull/114002

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52979

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52979

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2363312
reference_id	2363312
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2363312

reference_url

https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709

reference_id

377709

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T13:25:38Z/

url

https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709

reference_url	https://github.com/advisories/GHSA-mm3m-5497-xggg
reference_id	GHSA-mm3m-5497-xggg
reference_type
scores
url	https://github.com/advisories/GHSA-mm3m-5497-xggg

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@8.16.0

purl pkg:maven/org.elasticsearch/elasticsearch@8.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-vurm-1zz2-fqbm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.16.0

aliases CVE-2024-52979, GHSA-mm3m-5497-xggg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7me3-yqqg-8ybn

url VCID-g3pj-t279-1fbx

vulnerability_id VCID-g3pj-t279-1fbx

summary Improper Authentication in Elasticsearch PKI realm can lead to user impersonation via specially crafted client certificates. A malicious actor would need to have such a crafted client certificate signed by a legitimate, trusted Certificate Authority.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37731.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-37731

reference_id

reference_type

scores

value	0.00038
scoring_system	epss
scoring_elements	0.11792
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-37731

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/cd97b8566bf56e628070021300784cb9cee0286f

reference_url

https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/d8a408da79f214395845d99d241e832077045983

reference_url

https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/e519fe4c51a3c887675eb7daea2f914738847f23

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2422248
reference_id	2422248
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2422248

reference_url

https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063

reference_id

384063

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-16T04:56:03Z/

url

https://discuss.elastic.co/t/elasticsearch-8-19-8-9-1-8-and-9-2-2-security-update-esa-2025-27/384063

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-37731

reference_id

CVE-2025-37731

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-37731

reference_url

https://github.com/advisories/GHSA-m9gh-789g-q5pv

reference_id

GHSA-m9gh-789g-q5pv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m9gh-789g-q5pv

fixed_packages

url	pkg:maven/org.elasticsearch/elasticsearch@8.19.8
purl	pkg:maven/org.elasticsearch/elasticsearch@8.19.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.8

url	pkg:maven/org.elasticsearch/elasticsearch@9.1.8
purl	pkg:maven/org.elasticsearch/elasticsearch@9.1.8
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.8

url	pkg:maven/org.elasticsearch/elasticsearch@9.2.2
purl	pkg:maven/org.elasticsearch/elasticsearch@9.2.2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.2.2

aliases CVE-2025-37731, GHSA-m9gh-789g-q5pv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g3pj-t279-1fbx

url VCID-kb8w-uxwq-byhk

vulnerability_id VCID-kb8w-uxwq-byhk

summary

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.

A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52980

reference_id

reference_type

scores

value	0.00136
scoring_system	epss
scoring_elements	0.33341
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52980

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/4e5c6801f4d60f100f122072f6bf35b21fd722a5

reference_url

https://github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/a02dc7165c75f12701f8d47a2bdefe5283735267

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52980

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52980

reference_url

https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919

reference_id

376919

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T19:59:32Z/

url

https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919

reference_url	https://github.com/advisories/GHSA-ghfh-p92w-j4mg
reference_id	GHSA-ghfh-p92w-j4mg
reference_type
scores
url	https://github.com/advisories/GHSA-ghfh-p92w-j4mg

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@8.15.1

purl pkg:maven/org.elasticsearch/elasticsearch@8.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-n2wb-9npe-v3gk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.15.1

aliases CVE-2024-52980, GHSA-ghfh-p92w-j4mg

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kb8w-uxwq-byhk

url VCID-kq24-zu2t-3ud3

vulnerability_id VCID-kq24-zu2t-3ud3

summary It was discovered by Elastic engineering that when elasticsearch-certutil CLI tool is used with the csr option in order to create a new Certificate Signing Requests, the associated private key that is generated is stored on disk unencrypted even if the --pass parameter is passed in the command invocation.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-23444

reference_id

reference_type

scores

value	0.01483
scoring_system	epss
scoring_elements	0.81421
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-23444

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/07296d596a1dee24730e33ad40b6726f70c6fc23

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/07296d596a1dee24730e33ad40b6726f70c6fc23

reference_url

https://github.com/elastic/elasticsearch/commit/321c4e1e6b738bf80faa41dbb9881489a4ab44e5

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/321c4e1e6b738bf80faa41dbb9881489a4ab44e5

reference_url

https://github.com/elastic/elasticsearch/commit/bb1eddada3678257838b0590090ff9eb68acaa1b

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/bb1eddada3678257838b0590090ff9eb68acaa1b

reference_url

https://github.com/elastic/elasticsearch/pull/106105

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/pull/106105

reference_url

https://github.com/elastic/elasticsearch/pull/109834

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/pull/109834

reference_url

https://security.netapp.com/advisory/ntap-20250404-0001

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250404-0001

reference_url

https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-23-security-update-esa-2024-12/364157

reference_id

364157

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-31T18:45:22Z/

url

https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-23-security-update-esa-2024-12/364157

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-23444

reference_id

CVE-2024-23444

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-23444

reference_url

https://github.com/advisories/GHSA-5v8f-xx9m-wj44

reference_id

GHSA-5v8f-xx9m-wj44

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5v8f-xx9m-wj44

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@8.13.0

purl pkg:maven/org.elasticsearch/elasticsearch@8.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-t1am-32ae-xqb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.13.0

aliases CVE-2024-23444, GHSA-5v8f-xx9m-wj44

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kq24-zu2t-3ud3

url VCID-n2wb-9npe-v3gk

vulnerability_id VCID-n2wb-9npe-v3gk

summary Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-37727.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-37727

reference_id

reference_type

scores

value	0.00019
scoring_system	epss
scoring_elements	0.05475
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-37727

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/e982eef416a5e1c2a4e94236d7d3b33b5c8d07db

reference_url

https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://www.elastic.co/guide/en/elasticsearch/reference/8.18/release-notes-8.18.8.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2403034
reference_id	2403034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2403034

reference_url

https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453

reference_id

382453

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-10T16:34:28Z/

url

https://discuss.elastic.co/t/elasticsearch-8-18-8-8-19-5-9-0-8-9-1-5-security-update-esa-2025-18/382453

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2025-37727

reference_id

CVE-2025-37727

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2025-37727

reference_url

https://github.com/advisories/GHSA-56r7-h6mw-rcfv

reference_id

GHSA-56r7-h6mw-rcfv

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-56r7-h6mw-rcfv

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@8.18.8

purl pkg:maven/org.elasticsearch/elasticsearch@8.18.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.18.8

url pkg:maven/org.elasticsearch/elasticsearch@8.19.5

purl pkg:maven/org.elasticsearch/elasticsearch@8.19.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.19.5

url pkg:maven/org.elasticsearch/elasticsearch@9.0.8

purl pkg:maven/org.elasticsearch/elasticsearch@9.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.0.8

url pkg:maven/org.elasticsearch/elasticsearch@9.1.5

purl pkg:maven/org.elasticsearch/elasticsearch@9.1.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@9.1.5

aliases CVE-2025-37727, GHSA-56r7-h6mw-rcfv

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n2wb-9npe-v3gk

url VCID-t1am-32ae-xqb4

vulnerability_id VCID-t1am-32ae-xqb4

summary An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52981

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25802
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52981

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495

reference_url

https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c

reference_url

https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52981

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52981

reference_url

https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924

reference_id

376924

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T19:58:40Z/

url

https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924

reference_url	https://github.com/advisories/GHSA-5xm9-x7x4-4j5x
reference_id	GHSA-5xm9-x7x4-4j5x
reference_type
scores
url	https://github.com/advisories/GHSA-5xm9-x7x4-4j5x

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@8.15.1

purl pkg:maven/org.elasticsearch/elasticsearch@8.15.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-n2wb-9npe-v3gk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.15.1

aliases CVE-2024-52981, GHSA-5xm9-x7x4-4j5x

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t1am-32ae-xqb4

Fixing_vulnerabilities

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.0.0-alpha1

Package Instance