CVE-2023-46673
MEDIUMElasticsearch 7.0.0-7.17.14 - Denial of Service via Malformed Script in Ingest Pipeline
Title source: llmDescription
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.
References (2)
Core 2
Core References
Vendor Advisory
https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
Vendor Advisory
https://www.elastic.co/community/security
Scores
CVSS v3
6.5
EPSS
0.0084
EPSS Percentile
53.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-755
Status
published
Products (2)
elastic/elasticsearch
7.0.0 - 7.17.14
org.elasticsearch/elasticsearch
7.0.0 - 7.17.14Maven
Published
Nov 22, 2023
Tracked Since
Feb 18, 2026