Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-6g3j-p5g6-992f: OpenSearch StackOverflow vulnerability

Impact

A flaw was discovered in OpenSearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 (CVE-2023-31419).

Mitigation

Versions 1.3.14 and 2.11.1 contain a fix for this issue.

For more information

If you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [email protected]. Please do not create a public GitHub issue.

ghsa
#vulnerability#amazon#dos#git#java#aws#maven

Skip to content

    • Actions

      Automate any workflow

    • Packages

      Host and manage packages

    • Security

      Find and fix vulnerabilities

    • Codespaces

      Instant dev environments

    • Copilot

      Write better code with AI

    • Code review

      Manage code changes

    • Issues

      Plan and track work

    • Discussions

      Collaborate outside of code

    • GitHub Sponsors

      Fund open source developers

*   The ReadME Project
    
    GitHub community articles
  • Pricing
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. GHSA-6g3j-p5g6-992f

OpenSearch StackOverflow vulnerability

Package

maven org.opensearch:opensearch (Maven)

Affected versions

< 1.3.14

>= 2.0.0, < 2.11.1

Patched versions

1.3.14

2.11.1

Description

Impact

A flaw was discovered in OpenSearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.

The issue was identified by Elastic Engineering and corresponds to security advisory ESA-2023-14 (CVE-2023-31419).

Mitigation

Versions 1.3.14 and 2.11.1 contain a fix for this issue.

For more information

If you have any questions or comments about this advisory, please contact AWS/Amazon Security via our issue reporting page (https://aws.amazon.com/security/vulnerability-reporting/) or directly via email to [email protected]. Please do not create a public GitHub issue.

References

  • GHSA-6g3j-p5g6-992f

Published to the GitHub Advisory Database

Dec 1, 2023

ghsa: Latest News

GHSA-hxf5-99xg-86hw: cap-std doesn't fully sandbox all the Windows device filenames