CVE-2021-22144
First published: Mon Jul 26 2021(Updated: )
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.
Credit: bressers@elastic.co
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Elastic Elasticsearch | <6.8.17 | |
| Elastic Elasticsearch | >=7.0.0<7.13.3 | |
| XStream XStream | =1.8.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22144?
CVE-2021-22144 is an uncontrolled recursion vulnerability in Elasticsearch versions before 7.13.3 and 6.8.17.
How does CVE-2021-22144 affect Elasticsearch?
CVE-2021-22144 affects Elasticsearch versions before 7.13.3 and 6.8.17 by allowing an uncontrolled recursion vulnerability that could lead to a denial of service attack.
Who is affected by CVE-2021-22144?
Users of Elasticsearch versions before 7.13.3 and 6.8.17 are affected by CVE-2021-22144.
What is the severity of CVE-2021-22144?
The severity of CVE-2021-22144 is medium, with a CVSS score of 6.5.
How can I fix CVE-2021-22144?
To fix CVE-2021-22144, users should update to Elasticsearch versions 7.13.3 or 6.8.17.
- collector/nvd-index
- vendor/elastic
- canonical/elastic elasticsearch
- version/elastic elasticsearch/7.0.0
- vendor/oracle
- canonical/xstream xstream
- version/xstream xstream/1.8.0