CVE-2024-52979: Uncontrolled Resource Consumption in Elasticsearch

Severity: 7.5 HIGH (NVD), 6.5 (CNA)
EPSS: 0.2% (top 58.26%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published May 1

Description

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5 | elastic/elasticsearch | 7.17.0 | 7.17.25 | +1
NVD | elastic/elasticsearch | 8.0.0 | 8.16.0 | +1

Patches

🔴 Vulnerability Details (4)

OSV: CVE-2024-52979: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial o (2025-05-01)
OSV: Elasticsearch Uncontrolled Resource Consumption Vulnerability (2025-05-01)
GHSA: Elasticsearch Uncontrolled Resource Consumption Vulnerability (2025-05-01)
CVEList: Elasticsearch Uncontrolled Resource Consumption vulnerability (2025-05-01)

📋 Vendor Advisories (1)

Red Hat: elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability (2025-05-01)