In Elasticsearch versions before 7.13.3 and 6.8.17, an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.elasticsearch:elasticsearch (Maven) | 0 | 6.8.17 | N/A |
| org.elasticsearch:elasticsearch (Maven) | 7.0.0-alpha1 | 7.13.3 | N/A |

CVSS Metrics