CVE-2024-52979

Summary

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

Affected Software

VendorProductVersion RangeStatus
ElasticElasticsearch7.17.0 < 7.17.25affected
ElasticElasticsearch8.0.0 < 8.16.0affected

Weaknesses

  • CWE-400: CWE-400 Uncontrolled Resource Consumption

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References