CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-37280

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.3%

CVSS Severity

CVSS v3 Score 4.9

References

https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007
https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007
https://security.netapp.com/advisory/ntap-20240816-0003/

Products affected by CVE-2024-37280

Elastic » Elasticsearch » Version: 8.13.1

cpe:2.3:a:elastic:elasticsearch:8.13.1
Elastic » Elasticsearch » Version: 8.13.2

cpe:2.3:a:elastic:elasticsearch:8.13.2
Elastic » Elasticsearch » Version: 8.13.3

cpe:2.3:a:elastic:elasticsearch:8.13.3
Elastic » Elasticsearch » Version: 8.13.4

cpe:2.3:a:elastic:elasticsearch:8.13.4

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-37280

Products

Pricing

Contact Us