CVE-2023-46673

MEDIUM

Elasticsearch - DoS

Title source: llm

Description

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

References (2)

[Vendor Advisory] https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708

[Vendor Advisory] https://www.elastic.co/community/security

Scores

CVSS v3 6.5

EPSS 0.0046

EPSS Percentile 64.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-755

Status published

Products (2)

elastic/elasticsearch 7.0.0 - 7.17.14

org.elasticsearch/elasticsearch 7.0.0 - 7.17.14Maven

Published Nov 22, 2023

Tracked Since Feb 18, 2026