Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46673

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

Published

2023-11-22T10:15:08.417

Last Modified

2024-11-21T08:29:02.250

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-755
Type: Primary
CWE-755

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	elasticsearch	< 7.17.14	Yes
Application	elastic	elasticsearch	< 8.10.3	Yes

References

https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708 Vendor Advisory ([email protected])
https://www.elastic.co/community/security Vendor Advisory ([email protected])
https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.elastic.co/community/security Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)