Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:maven/org.elasticsearch/elasticsearch@6.3.1

Type maven

Namespace org.elasticsearch

Name elasticsearch

Version 6.3.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 8.19.8

Latest_non_vulnerable_version 9.2.2

Affected_by_vulnerabilities

url VCID-4d68-t6c4-jbhz

vulnerability_id VCID-4d68-t6c4-jbhz

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7614.json

reference_id

reference_type

scores

value	2.0
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:A/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7614.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7614

reference_id

reference_type

scores

value	0.00385
scoring_system	epss
scoring_elements	0.60231
published_at	2026-06-12T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.60124
published_at	2026-06-11T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.60234
published_at	2026-06-14T12:55:00Z

value	0.00385
scoring_system	epss
scoring_elements	0.60242
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7614

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7614

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7614

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1747240
reference_id	1747240
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1747240

reference_url

https://github.com/advisories/GHSA-jqm6-m3j3-8gg9

reference_id

GHSA-jqm6-m3j3-8gg9

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jqm6-m3j3-8gg9

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.8.2

purl pkg:maven/org.elasticsearch/elasticsearch@6.8.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-d96v-sncn-kuaj

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-jmhq-y8uk-8be7

vulnerability	VCID-juz9-16tk-fqeb

vulnerability	VCID-mcs3-499n-qubx

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-sj1u-55kz-7kf4

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wswv-vdpq-auaw

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.8.2

url pkg:maven/org.elasticsearch/elasticsearch@7.2.1

purl pkg:maven/org.elasticsearch/elasticsearch@7.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-jmhq-y8uk-8be7

vulnerability	VCID-juz9-16tk-fqeb

vulnerability	VCID-mcs3-499n-qubx

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wswv-vdpq-auaw

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.2.1

aliases CVE-2019-7614, GHSA-jqm6-m3j3-8gg9

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4d68-t6c4-jbhz

url VCID-7me3-yqqg-8ybn

vulnerability_id VCID-7me3-yqqg-8ybn

summary Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-52979.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-52979

reference_id

reference_type

scores

value	0.00049
scoring_system	epss
scoring_elements	0.15868
published_at	2026-06-12T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15846
published_at	2026-06-14T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.1573
published_at	2026-06-11T12:55:00Z

value	0.00049
scoring_system	epss
scoring_elements	0.15878
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-52979

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91

reference_url

https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf

reference_url

https://github.com/elastic/elasticsearch/pull/114002

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch/pull/114002

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-52979

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-52979

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2363312
reference_id	2363312
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2363312

reference_url

https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709

reference_id

377709

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T13:25:38Z/

url

https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709

reference_url

https://github.com/advisories/GHSA-mm3m-5497-xggg

reference_id

GHSA-mm3m-5497-xggg

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-mm3m-5497-xggg

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@7.17.25

purl pkg:maven/org.elasticsearch/elasticsearch@7.17.25

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.25

url pkg:maven/org.elasticsearch/elasticsearch@8.16.0

purl pkg:maven/org.elasticsearch/elasticsearch@8.16.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-vurm-1zz2-fqbm

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.16.0

aliases CVE-2024-52979, GHSA-mm3m-5497-xggg

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7me3-yqqg-8ybn

url VCID-d96v-sncn-kuaj

vulnerability_id VCID-d96v-sncn-kuaj

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22137.json

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22137.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22137

reference_id

reference_type

scores

value	0.00235
scoring_system	epss
scoring_elements	0.46713
published_at	2026-06-14T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46573
published_at	2026-06-11T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46717
published_at	2026-06-12T12:55:00Z

value	0.00235
scoring_system	epss
scoring_elements	0.46728
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22137

reference_url

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elastic-stack-7-12-0-and-6-8-15-security-update/268125

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://security.netapp.com/advisory/ntap-20210625-0003

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210625-0003

reference_url	https://security.netapp.com/advisory/ntap-20210625-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210625-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1943189
reference_id	1943189
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1943189

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22137

reference_id

CVE-2021-22137

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22137

reference_url

https://github.com/advisories/GHSA-hr65-qq6p-87r4

reference_id

GHSA-hr65-qq6p-87r4

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-hr65-qq6p-87r4

reference_url	https://access.redhat.com/errata/RHSA-2022:5606
reference_id	RHSA-2022:5606
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5606

reference_url	https://access.redhat.com/errata/RHSA-2022:6407
reference_id	RHSA-2022:6407
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:6407

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.8.15

purl pkg:maven/org.elasticsearch/elasticsearch@6.8.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.8.15

url pkg:maven/org.elasticsearch/elasticsearch@7.11.2

purl pkg:maven/org.elasticsearch/elasticsearch@7.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-be7s-rm66-6bf9

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.11.2

aliases CVE-2021-22137, GHSA-hr65-qq6p-87r4

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d96v-sncn-kuaj

url VCID-hd3x-5s2r-kqgq

vulnerability_id VCID-hd3x-5s2r-kqgq

summary An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43709.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-43709.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-43709

reference_id

reference_type

scores

value	0.00944
scoring_system	epss
scoring_elements	0.76807
published_at	2026-06-12T12:55:00Z

value	0.00944
scoring_system	epss
scoring_elements	0.76815
published_at	2026-06-14T12:55:00Z

value	0.00944
scoring_system	epss
scoring_elements	0.76737
published_at	2026-06-11T12:55:00Z

value	0.00944
scoring_system	epss
scoring_elements	0.76821
published_at	2026-06-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-43709

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-43709

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-43709

reference_url

https://security.netapp.com/advisory/ntap-20250221-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20250221-0007

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2339113
reference_id	2339113
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2339113

reference_url

https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442

reference_id

373442

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-21T16:27:32Z/

url

https://discuss.elastic.co/t/elasticsearch-7-17-21-and-8-13-3-security-update-esa-2024-25/373442

reference_url

https://github.com/advisories/GHSA-jgx4-7v3v-vwfm

reference_id

GHSA-jgx4-7v3v-vwfm

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jgx4-7v3v-vwfm

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@7.17.21

purl pkg:maven/org.elasticsearch/elasticsearch@7.17.21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-t1am-32ae-xqb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.21

url pkg:maven/org.elasticsearch/elasticsearch@8.13.3

purl pkg:maven/org.elasticsearch/elasticsearch@8.13.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-15z2-k1jk-eufc

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-t1am-32ae-xqb4

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.13.3

aliases CVE-2024-43709, GHSA-jgx4-7v3v-vwfm

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hd3x-5s2r-kqgq

url VCID-kb2a-sxcw-c3fu

vulnerability_id VCID-kb2a-sxcw-c3fu

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7611.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-7611.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-7611

reference_id

reference_type

scores

value	0.01013
scoring_system	epss
scoring_elements	0.77629
published_at	2026-06-14T12:55:00Z

value	0.01013
scoring_system	epss
scoring_elements	0.77555
published_at	2026-06-11T12:55:00Z

value	0.01013
scoring_system	epss
scoring_elements	0.77637
published_at	2026-06-13T12:55:00Z

value	0.01013
scoring_system	epss
scoring_elements	0.77623
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-7611

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1696034
reference_id	1696034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1696034

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-7611

reference_id

CVE-2019-7611

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2019-7611

reference_url

https://github.com/advisories/GHSA-fj32-6v7m-57pg

reference_id

GHSA-fj32-6v7m-57pg

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-fj32-6v7m-57pg

reference_url	https://access.redhat.com/errata/RHSA-2020:0895
reference_id	RHSA-2020:0895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0895

reference_url	https://access.redhat.com/errata/RHSA-2020:0899
reference_id	RHSA-2020:0899
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:0899

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.6.1

purl pkg:maven/org.elasticsearch/elasticsearch@6.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4d68-t6c4-jbhz

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-d96v-sncn-kuaj

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-mcs3-499n-qubx

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-sj1u-55kz-7kf4

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.6.1

aliases CVE-2019-7611, GHSA-fj32-6v7m-57pg

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kb2a-sxcw-c3fu

url VCID-ktd2-vrt7-b7d9

vulnerability_id VCID-ktd2-vrt7-b7d9

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3831.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-3831.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-3831

reference_id

reference_type

scores

value	0.00817
scoring_system	epss
scoring_elements	0.74859
published_at	2026-06-14T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74778
published_at	2026-06-11T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74863
published_at	2026-06-13T12:55:00Z

value	0.00817
scoring_system	epss
scoring_elements	0.74849
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-3831

reference_url

https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elastic-stack-6-4-1-and-5-6-12-security-update/149035

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1632452
reference_id	1632452
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1632452

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-3831

reference_id

CVE-2018-3831

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-3831

reference_url

https://github.com/advisories/GHSA-r9fv-qpm9-rj4g

reference_id

GHSA-r9fv-qpm9-rj4g

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r9fv-qpm9-rj4g

reference_url	https://access.redhat.com/errata/RHSA-2020:3192
reference_id	RHSA-2020:3192
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2020:3192

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.4.1

purl pkg:maven/org.elasticsearch/elasticsearch@6.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4d68-t6c4-jbhz

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-d96v-sncn-kuaj

vulnerability	VCID-gc32-ddd6-8bhc

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-kb2a-sxcw-c3fu

vulnerability	VCID-mcs3-499n-qubx

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-sj1u-55kz-7kf4

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.4.1

aliases CVE-2018-3831, GHSA-r9fv-qpm9-rj4g

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ktd2-vrt7-b7d9

url VCID-mcs3-499n-qubx

vulnerability_id VCID-mcs3-499n-qubx

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7019.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7019.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7019

reference_id

reference_type

scores

value	0.00176
scoring_system	epss
scoring_elements	0.38938
published_at	2026-06-11T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39109
published_at	2026-06-12T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39133
published_at	2026-06-13T12:55:00Z

value	0.00176
scoring_system	epss
scoring_elements	0.39124
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7019

reference_url

https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elastic-stack-7-9-0-and-6-8-12-security-update/245456

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7019

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7019

reference_url

https://security.netapp.com/advisory/ntap-20200827-0001

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20200827-0001

reference_url	https://security.netapp.com/advisory/ntap-20200827-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20200827-0001/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1870346
reference_id	1870346
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1870346

reference_url

https://github.com/advisories/GHSA-c77j-p484-h84m

reference_id

GHSA-c77j-p484-h84m

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-c77j-p484-h84m

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.8.12

purl pkg:maven/org.elasticsearch/elasticsearch@6.8.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-d96v-sncn-kuaj

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-sj1u-55kz-7kf4

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.8.12

url pkg:maven/org.elasticsearch/elasticsearch@7.9.0

purl pkg:maven/org.elasticsearch/elasticsearch@7.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-edvf-1rgy-zyhz

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-qucu-5rmk-wqge

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.9.0

aliases CVE-2020-7019, GHSA-c77j-p484-h84m

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mcs3-499n-qubx

url VCID-mmxq-fp2q-mfgx

vulnerability_id VCID-mmxq-fp2q-mfgx

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7020.json

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7020.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7020

reference_id

reference_type

scores

value	0.00231
scoring_system	epss
scoring_elements	0.4604
published_at	2026-06-11T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46186
published_at	2026-06-12T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46194
published_at	2026-06-13T12:55:00Z

value	0.00231
scoring_system	epss
scoring_elements	0.46179
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7020

reference_url

https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elastic-stack-7-9-3-and-6-8-13-security-update/253033

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7020

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7020

reference_url

https://security.netapp.com/advisory/ntap-20201123-0001

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20201123-0001

reference_url	https://security.netapp.com/advisory/ntap-20201123-0001/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20201123-0001/

reference_url

https://staging-website.elastic.co/community/security

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://staging-website.elastic.co/community/security

reference_url	https://staging-website.elastic.co/community/security/
reference_id
reference_type
scores
url	https://staging-website.elastic.co/community/security/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1893125
reference_id	1893125
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1893125

reference_url

https://github.com/advisories/GHSA-g9fw-9x87-rmrj

reference_id

GHSA-g9fw-9x87-rmrj

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-g9fw-9x87-rmrj

reference_url	https://access.redhat.com/errata/RHSA-2022:5532
reference_id	RHSA-2022:5532
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:5532

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.8.13

purl pkg:maven/org.elasticsearch/elasticsearch@6.8.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-d96v-sncn-kuaj

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-sj1u-55kz-7kf4

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.8.13

url pkg:maven/org.elasticsearch/elasticsearch@7.9.2

purl pkg:maven/org.elasticsearch/elasticsearch@7.9.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-edvf-1rgy-zyhz

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-qucu-5rmk-wqge

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.9.2

aliases CVE-2020-7020, GHSA-g9fw-9x87-rmrj

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mmxq-fp2q-mfgx

url VCID-sj1u-55kz-7kf4

vulnerability_id VCID-sj1u-55kz-7kf4

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7021.json

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7021.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-7021

reference_id

reference_type

scores

value	0.00478
scoring_system	epss
scoring_elements	0.65548
published_at	2026-06-14T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.65439
published_at	2026-06-11T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.6555
published_at	2026-06-13T12:55:00Z

value	0.00478
scoring_system	epss
scoring_elements	0.6554
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-7021

reference_url

https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elastic-stack-7-11-0-and-6-8-14-security-update/263915

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	1.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url

https://security.netapp.com/advisory/ntap-20210319-0003

reference_id

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210319-0003

reference_url	https://security.netapp.com/advisory/ntap-20210319-0003/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210319-0003/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1927480
reference_id	1927480
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1927480

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-7021

reference_id

CVE-2020-7021

reference_type

scores

value	4.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-7021

reference_url

https://github.com/advisories/GHSA-cqgv-256r-m9r8

reference_id

GHSA-cqgv-256r-m9r8

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-cqgv-256r-m9r8

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.8.14

purl pkg:maven/org.elasticsearch/elasticsearch@6.8.14

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-d96v-sncn-kuaj

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.8.14

url pkg:maven/org.elasticsearch/elasticsearch@7.1.0

purl pkg:maven/org.elasticsearch/elasticsearch@7.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-4d68-t6c4-jbhz

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-jmhq-y8uk-8be7

vulnerability	VCID-juz9-16tk-fqeb

vulnerability	VCID-mcs3-499n-qubx

vulnerability	VCID-mmxq-fp2q-mfgx

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wswv-vdpq-auaw

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.1.0

url pkg:maven/org.elasticsearch/elasticsearch@7.10.0

purl pkg:maven/org.elasticsearch/elasticsearch@7.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-edvf-1rgy-zyhz

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-qucu-5rmk-wqge

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-u3d1-v47h-rud5

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.10.0

aliases CVE-2020-7021, GHSA-cqgv-256r-m9r8

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sj1u-55kz-7kf4

url VCID-sqsc-r55f-rbbc

vulnerability_id VCID-sqsc-r55f-rbbc

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31418.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-31418.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-31418

reference_id

reference_type

scores

value	0.00762
scoring_system	epss
scoring_elements	0.73815
published_at	2026-06-11T12:55:00Z

value	0.00762
scoring_system	epss
scoring_elements	0.73904
published_at	2026-06-14T12:55:00Z

value	0.00762
scoring_system	epss
scoring_elements	0.73889
published_at	2026-06-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-31418

reference_url

https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elasticsearch-8-9-0-7-17-13-security-update/343616

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-31418

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-31418

reference_url

https://security.netapp.com/advisory/ntap-20231130-0005

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20231130-0005

reference_url	https://security.netapp.com/advisory/ntap-20231130-0005/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20231130-0005/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2246938
reference_id	2246938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2246938

reference_url

https://github.com/advisories/GHSA-2cqf-6xv9-f22w

reference_id

GHSA-2cqf-6xv9-f22w

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2cqf-6xv9-f22w

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@7.17.13

purl pkg:maven/org.elasticsearch/elasticsearch@7.17.13

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-t1am-32ae-xqb4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.13

url pkg:maven/org.elasticsearch/elasticsearch@8.9.0

purl pkg:maven/org.elasticsearch/elasticsearch@8.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-t1am-32ae-xqb4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-w7u5-rf5p-tydz

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.9.0

aliases CVE-2023-31418, GHSA-2cqf-6xv9-f22w

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sqsc-r55f-rbbc

url VCID-u3d1-v47h-rud5

vulnerability_id VCID-u3d1-v47h-rud5

summary

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22144.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22144.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22144

reference_id

reference_type

scores

value	0.00471
scoring_system	epss
scoring_elements	0.65049
published_at	2026-06-11T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.65149
published_at	2026-06-12T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.6516
published_at	2026-06-13T12:55:00Z

value	0.00471
scoring_system	epss
scoring_elements	0.65157
published_at	2026-06-14T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22144

reference_url

https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2021-22144

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2021-22144

reference_url

https://security.netapp.com/advisory/ntap-20210827-0006

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20210827-0006

reference_url	https://security.netapp.com/advisory/ntap-20210827-0006/
reference_id
reference_type
scores
url	https://security.netapp.com/advisory/ntap-20210827-0006/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1987299
reference_id	1987299
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1987299

reference_url

https://github.com/advisories/GHSA-3393-hvrj-w7v3

reference_id

GHSA-3393-hvrj-w7v3

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3393-hvrj-w7v3

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@6.8.17

purl pkg:maven/org.elasticsearch/elasticsearch@6.8.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.8.17

url pkg:maven/org.elasticsearch/elasticsearch@7.13.3

purl pkg:maven/org.elasticsearch/elasticsearch@7.13.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-be7s-rm66-6bf9

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-hg6b-q99h-cfgh

vulnerability	VCID-hj68-jbcs-xbe1

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-sqsc-r55f-rbbc

vulnerability	VCID-sz13-7mtg-9uf4

vulnerability	VCID-tbv9-8xna-5qay

vulnerability	VCID-wxj4-x2pn-ykeb

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.13.3

aliases CVE-2021-22144, GHSA-3393-hvrj-w7v3

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u3d1-v47h-rud5

url VCID-wxj4-x2pn-ykeb

vulnerability_id VCID-wxj4-x2pn-ykeb

summary An issue was discovered by Elastic whereby Watcher search input logged the search query results on DEBUG log level. This could lead to raw contents of documents stored in Elasticsearch to be printed in logs. Elastic has released 8.11.2 and 7.17.16 that resolves this issue by removing this excessive logging. This issue only affects users that use Watcher and have a Watch defined that uses the search input and additionally have set the search input’s logger to DEBUG or finer, for example using: org.elasticsearch.xpack.watcher.input.search, org.elasticsearch.xpack.watcher.input, org.elasticsearch.xpack.watcher, or wider, since the loggers are hierarchical.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49921.json

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49921.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49921

reference_id

reference_type

scores

value	0.00701
scoring_system	epss
scoring_elements	0.72575
published_at	2026-06-12T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72586
published_at	2026-06-14T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72589
published_at	2026-06-13T12:55:00Z

value	0.00701
scoring_system	epss
scoring_elements	0.72497
published_at	2026-06-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49921

reference_url

https://github.com/elastic/elasticsearch

reference_id

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/elastic/elasticsearch

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2254251
reference_id	2254251
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2254251

reference_url

https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179

reference_id

349179

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-26T13:47:02Z/

url

https://discuss.elastic.co/t/elasticsearch-8-11-2-7-17-16-security-update-esa-2023-29/349179

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49921

reference_id

CVE-2023-49921

reference_type

scores

value	5.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

value	4.1
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:A/AC:L/AT:P/PR:L/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49921

reference_url

https://github.com/advisories/GHSA-2hjr-vmf3-xwvp

reference_id

GHSA-2hjr-vmf3-xwvp

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-2hjr-vmf3-xwvp

fixed_packages

url pkg:maven/org.elasticsearch/elasticsearch@7.17.16

purl pkg:maven/org.elasticsearch/elasticsearch@7.17.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-t1am-32ae-xqb4

vulnerability	VCID-tbv9-8xna-5qay

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@7.17.16

url pkg:maven/org.elasticsearch/elasticsearch@8.11.2

purl pkg:maven/org.elasticsearch/elasticsearch@8.11.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-678j-hy42-g3h9

vulnerability	VCID-7me3-yqqg-8ybn

vulnerability	VCID-g3pj-t279-1fbx

vulnerability	VCID-hd3x-5s2r-kqgq

vulnerability	VCID-kb8w-uxwq-byhk

vulnerability	VCID-n2wb-9npe-v3gk

vulnerability	VCID-t1am-32ae-xqb4

vulnerability	VCID-tbv9-8xna-5qay

resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@8.11.2

aliases CVE-2023-49921, GHSA-2hjr-vmf3-xwvp

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wxj4-x2pn-ykeb

Fixing_vulnerabilities

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/packages/pkg:maven/org.elasticsearch/elasticsearch@6.3.1

Package Instance