CVE-2024-37280
published 2024-06-13


Priority: P4 · 20 · medium
CVSS 3.1: 4.9 (AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.53% (40.6th percentile)

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Affected

2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | >= 8.13.1 < 8.14.0 | 8.14.0 |
| elastic | elasticsearch | 8.13.1 – 8.13.4 | |

CVSS provenance

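| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.9 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H |
| osv | | 4.9 | MEDIUM | |
| vendor_redhat | | 4.9 | MEDIUM | |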