CVE-2024-52979
Published 2025-05-01
CVE-2024-52979: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service…
Priority P3 · 35 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.52% (40.3th percentile)
Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| elastic | elasticsearch | < 7.17.25 | 7.17.25 |
| elastic | elasticsearch | >= 7.17.0 < 7.17.25 | 7.17.25 |
| elastic | elasticsearch | >= 8.0.0 < 8.16.0 | 8.16.0 |
CVSS provenance
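| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_redhat | | 6.5 | MEDIUM | |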
OSV
CVE-2024-52979: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial o
osv·2025-05-01·CVSS 7.5
CVE-2024-52979 [HIGH] CVE-2024-52979: Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial o
OSV
Elasticsearch Uncontrolled Resource Consumption Vulnerability
osv·2025-05-01
CVE-2024-52979 [MEDIUM] Elasticsearch Uncontrolled Resource Consumption Vulnerability
GHSA
Elasticsearch Uncontrolled Resource Consumption Vulnerability
ghsa·2025-05-01
CVE-2024-52979 [MEDIUM] CWE-400 Elasticsearch Uncontrolled Resource Consumption Vulnerability
Red Hat
elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability
vendor_redhat·2025-05-01·CVSS 6.5
CVE-2024-52979 [MEDIUM] CWE-400 elasticsearch: Elasticsearch Uncontrolled Resource Consumption vulnerability
A flaw was found in Elasticsearch. This flaw allows a remote attacker to trigger an application-level denial of service by sending specially crafted search templates that use Mustache functions.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: openshift-logging/fluentd-rhel9 (Logging Subsystem for Red Hat Op
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.