CVE-2021-22145
Published 2021-07-21
Priority P2 · 63 · medium · 6.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EXPLOIT
EPSS: 76.25% (99.5th percentile)
A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | 7.10.0 – 7.13.3 | — |
| oracle | communications_cloud_native_core_automated_test_suite | — | — |
Detection & IOCs
- bytes: `@\n`
- POST request to /_bulk endpoint with a single '@' character as the body and Content-Type: application/json triggers the memory disclosure. Look for HTTP 400 responses containing 'root_cause', 'truncated', and 'reason' fields simultaneously.
- Memory leak content is extracted from the error response JSON at paths error.root_cause[0].reason and error.reason, specifically the substring between '(byte[])"' and '; line'. Monitor Elasticsearch error responses for unexpected data in these fields.
- FOFA/Shodan fingerprint query 'index_not_found_exception' can be used to identify exposed Elasticsearch instances potentially targeted by this CVE.
- Affected versions are strictly Elasticsearch 7.10.0 through 7.13.3 inclusive. Version checks against the GET / endpoint JSON field version.number can confirm exposure.
- The exploit supports both API Key (Bearer ApiKey) and HTTP Basic authentication headers, meaning authenticated Elasticsearch instances are also exploitable if the attacker has valid credentials.
- The vulnerability requires only low-privilege access: any user able to submit arbitrary queries is sufficient to trigger the memory disclosure; no admin rights are needed.
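The response-side indicators and the version check listed above can be combined into one triage pass over captured responses. This is an added example, not code from any of the sources indexed on this page; the function names, node names and sample records are constructed for illustration.

```python
import json

AFFECTED_MIN, AFFECTED_MAX = (7, 10, 0), (7, 13, 3)   # inclusive range from the advisory
START, END = '(byte[])"', '; line'                     # snippet delimiters named above

def in_affected_range(version_number):
    """True if version.number (from GET /) is within 7.10.0-7.13.3."""
    try:
        parts = tuple(int(p) for p in version_number.split("-")[0].split("."))
    except (ValueError, AttributeError):
        return False
    return len(parts) == 3 and AFFECTED_MIN <= parts <= AFFECTED_MAX

def disclosed_snippet(status, body):
    """Return the buffer snippet echoed in a 400 error body, or None if no match."""
    if status != 400 or "truncated" not in body:
        return None
    try:
        err = json.loads(body)["error"]
        reasons = [err["root_cause"][0]["reason"], err["reason"]]
    except (ValueError, KeyError, IndexError, TypeError):
        return None
    for reason in reasons:
        if not isinstance(reason, str):
            continue
        i = reason.find(START)
        j = reason.find(END, i + len(START)) if i != -1 else -1
        if j != -1:
            return reason[i + len(START):j]
    return None

def _body(status, reason):
    # Constructed sample shaped like an Elasticsearch error response.
    err = {"root_cause": [{"type": "example", "reason": reason}], "reason": reason}
    return json.dumps({"error": err, "status": status})

# Constructed records: (source, version.number, HTTP status, response body).
SAMPLES = [
    ("node-a", "7.12.1", 400, _body(400, 'Unexpected character at [Source: (byte[])"@\n'
                                         'EXAMPLE-STALE-BYTES"[truncated 460 bytes]; line: 1, column: 2]')),
    ("node-b", "7.13.4", 400, _body(400, "request body is required")),
    ("node-c", "7.12.1", 404, _body(404, "no such index [example]")),
]

def triage(samples):
    """Names of affected-version nodes whose response matches the disclosure pattern."""
    return [name for name, ver, status, body in samples
            if in_affected_range(ver) and disclosed_snippet(status, body) is not None]

if __name__ == "__main__":
    print(triage(SAMPLES))
```

Any snippet this returns should be treated as potentially sensitive, since the advisory states the buffer may hold documents or authentication details.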
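CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.0 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
| ghsa | — | 6.5 | MEDIUM | — |
| osv | — | 6.5 | MEDIUM | — |
| vendor_redhat | — | 6.5 | MEDIUM | — |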
OSV
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
osv·2025-06-07·CVSS 6.5
CVE-2025-49128 [MEDIUM] Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
### Overview
A flaw in Jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory content to be included in exception messages. When parsing JSON from a byte array with an offset and length, the exception message incorrectly reads from the beginning of the array instead of the logical payload start. This results in possible **information disclosure** in systems using **pooled or reused buffers**, like Netty or Vert.x.
### Details
The vulnerability affects the creation of exception messages like:
```
JsonParseException: Unexpected character ... at [Source: (byte[])...]
```
When `JsonFactory.createParser(byte[] data, int offset, int len)` is used, and an error occurs
GHSA
Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
ghsa·2025-06-07·CVSS 6.5
CVE-2025-49128 [MEDIUM] CWE-209 Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation
OSV
Generation of Error Message Containing Sensitive Information in Elasticsearch
osv·2022-05-24
CVE-2021-22145 [MEDIUM] Generation of Error Message Containing Sensitive Information in Elasticsearch
GHSA
Generation of Error Message Containing Sensitive Information in Elasticsearch
ghsa·2022-05-24
CVE-2021-22145 [MEDIUM] CWE-200 Generation of Error Message Containing Sensitive Information in Elasticsearch
OSV
CVE-2021-22145: A memory disclosure vulnerability was identified in Elasticsearch 7
osv·2021-07-21·CVSS 6.5
CVE-2021-22145 [MEDIUM] CVE-2021-22145: A memory disclosure vulnerability was identified in Elasticsearch 7
Red Hat
elasticsearch: memory disclosure in error reporting
vendor_redhat·2021-07-20·CVSS 6.5
CVE-2021-22145 [MEDIUM] CWE-125 elasticsearch: memory disclosure in error reporting
A memory disclosure flaw was found in Elasticsearch’s error reporting. A user who can submit arbitrary queries to Elasticsearch could submit a malformed query that results in an error message returned that contains previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents
No detection rules found.
Exploit-DB
ElasticSearch 7.13.3 - Memory disclosure
exploitdb·2021-07-23·CVSS 6.5
CVE-2021-22145 [MEDIUM] ElasticSearch 7.13.3 - Memory disclosure
---
```
# Exploit Title: ElasticSearch 7.13.3 - Memory disclosure
# Date: 21/07/2021
# Exploit Author: r0ny
# Vendor Homepage: https://www.elastic.co/
# Software Link: https://github.com/elastic/elasticsearch
# Version: 7.10.0 to 7.13.3
# Tested on: Kali Linux
# CVE : CVE-2021-22145
#!/usr/bin/python3
from argparse import ArgumentParser
import requests
from packaging import version
import json
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
print("\n################################################################################################")
print("###### CVE-2021-22145 Memory leak vulnerability on Elasticsearch (7.10.0 to 7.13.3) ######")
print("###### E
```
Metasploit
Elasticsearch Memory Disclosure
metasploit
This module exploits a memory disclosure vulnerability in Elasticsearch 7.10.0 to 7.13.3 (inclusive). A user with the ability to submit arbitrary queries to Elasticsearch can generate an error message containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details. This vulnerability's output is similar to heartbleed.
Nuclei
Elasticsearch 7.10.0-7.13.3 - Information Disclosure
nuclei·CVSS 6.5
CVE-2021-22145 [MEDIUM] Elasticsearch 7.10.0-7.13.3 - Information Disclosure
Elasticsearch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as Elasticsearch documents or authentication details, thus potentially leading to data modification and/or execution of unauthorized operations.
Template:
```
id: CVE-2021-22145
info:
  name: Elasticsearch 7.10.0-7.13.3 - Information Disclosure
  author: dhiyaneshDk
  severity: medium
  description: ElasticSsarch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that res
```
No writeups or analysis indexed.
- http://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html
- https://discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177
- https://gist.github.com/lucasdrufva/f9c5d7c9e26ee087b736d727953afd34
- https://security.netapp.com/advisory/ntap-20210827-0006/
- https://www.oracle.com/security-alerts/cpuapr2022.html