A Denial of Service flaw was discovered in Elasticsearch. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HElastic Elasticsearch
APPElastic8.0.0 – 8.2.1 (bez)
Related vulnerabilities
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to by...
Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving...
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers...
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenti...
All versions of Elastic Cloud Enterprise has the Elasticsearch “anonymous” user enabled by default in deployed...