Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-23449

An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.

Published

2024-03-29T12:15:08.177

Last Modified

2025-02-04T15:14:46.527

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

Weaknesses

Type: Secondary
CWE-248
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	elastic	elasticsearch	< 8.11.1	Yes

References

https://discuss.elastic.co/t/elasticsearch-8-11-1-security-update-esa-2024-05/356458 Vendor Advisory ([email protected])
https://discuss.elastic.co/t/elasticsearch-8-11-1-security-update-esa-2024-05/356458 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)