Security
Headlines

Headlines Latest CVEs

Headline

GHSA-2cqf-6xv9-f22w: Elasticsearch vulnerable to Uncontrolled Resource Consumption

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

1 year ago

Elasticsearch vulnerable to Uncontrolled Resource Consumption

High severity GitHub Reviewed Published Oct 26, 2023 to the GitHub Advisory Database • Updated Oct 30, 2023

Related news

CVE-2023-31418: Elasticsearch 8.9.0, 7.17.13 Security Update

An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.

1 year ago

ghsa: Latest News

GHSA-g5x8-v2ch-gj2g: Vaultwarden HTML injection vulnerability

1 day ago

GHSA-x7m9-mv49-fv73: Vaultwarden vulnerable to user impersonation

1 day ago

GHSA-vprm-27pv-jp3w: Vaultwarden authenticated reflected cross-site scripting (XSS) vulnerability

1 day ago

GHSA-5xh2-23cc-5jc6: Strawberry GraphQL has type resolution vulnerability in node interface that allows potential data leakage through incorrect type resolution

1 day ago

GHSA-675f-rq2r-jw82: JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh

1 day ago