CVE-2021-22140
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-22140
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Elastic App Search web crawler 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Elastic App Search web crawler是美国Elastic公司的一个应用软件。提供了更大的可扩展性和性能增强。 App Search web crawler 存在代码问题漏洞,该漏洞源于企业搜索中没有充分验证用户提供的XML输入。以下产品及版本受到影响:App Search web crawler: before 7.12.1 。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Elastic | Elastic App Search | after 7.11.0 and before 7.12.0 | - |
II. Public POCs for CVE-2021-22140
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-22140
请登录查看更多情报信息。
- https://discuss.elastic.co/t/7-12-1-security-update/271433x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2021-22140
Same Patch Batch · Elastic · 2021-05-13 · 6 CVEs total
| CVE-2021-22138 | Elasticsearch Logstash 信任管理问题漏洞 | |
| CVE-2021-22139 | Elastic Stack Kibana 资源管理错误漏洞 | |
| CVE-2021-22137 | Elasticsearch 信息泄露漏洞 | |
| CVE-2021-22135 | Elasticsearch 信息泄露漏洞 | |
| CVE-2021-22136 | Elastic Stack Kibana 代码问题漏洞 |
IV. Related Vulnerabilities
Same product: Elastic App Search
Same vendor: Elastic
- CVE-2026-33467
Improper Verification of Cryptographic Signature in Elastic - CVE-2026-33466
Improper Limitation of a Pathname to a Restricted Directory - CVE-2026-33458
Server-Side Request Forgery (SSRF) in Kibana One Workflow Le - CVE-2026-33459
Uncontrolled Resource Consumption in Kibana Leading to Denia - CVE-2026-33460
Incorrect Authorization in Kibana Fleet Leading to Informati
Same weakness: CWE-611
- CVE-2026-41936
Vvveb < 1.0.8.2 XML External Entity Injection via Import - CVE-2026-40682
Apache OpenNLP: XXE via Dictionary Parsing in DictionaryEntr - CVE-2026-6501
ILM Informatique jOpenDocument 代码问题漏洞 - CVE-2025-14543
Improper Restriction of XML External Entity Reference vulner - CVE-2024-13971
Arbitrary File Read and Server Side Request Forgery via XML
V. Comments for CVE-2021-22140
No comments yet