CVE-2021-22140
N/A
N/A
Summary
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Elastic | Elastic App Search | after 7.11.0 and before 7.12.0 | affected |
Weaknesses
- CWE-611: CWE-611: Improper Restriction of XML External Entity Reference
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.