Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Uncontrolled Resource Consumption in Elasticsearch Leading to Denial of Service
Vulnerability Description
Uncontrolled Resource Consumption (CWE-400) in Elasticsearch can lead to a denial of service via Excessive Allocation (CAPEC-130). An authenticated user can submit a specially crafted bulk request that causes sustained high CPU consumption, which can render the affected node unable to process requests.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Elastic Elasticsearch 资源管理错误漏洞
Vulnerability Description
Elastic Elasticsearch是荷兰Elastic公司开源的一个搜索分析引擎。 Elastic Elasticsearch存在资源管理错误漏洞,该漏洞源于资源不受控制消耗(CWE-400),可能导致经过身份验证的用户提交特制批量请求引发持续高CPU消耗,致使受影响节点无法处理请求。以下版本受到影响:8.0.0版本至8.14.3版本和7.0.0版本至7.17.23版本。
CVSS Information
N/A
Vulnerability Type
N/A