1. Home
  2. Packages
  3. maven
  4. org.elasticsearch
  5. elasticsearch

pkg:maven/org.elasticsearch/elasticsearch

Type maven
Namespace org.elasticsearch
Name elasticsearch

Known advisories, vulnerabilities and fixes for org.elasticsearch/elasticsearch package.

Repository
https://mvnrepository.com/artifact/org.elasticsearch/elasticsearch
High 7
Moderate 29
Low 1
Type Version Distribution # CVEs # Advisory ID Title Severity Published
Affected >= 8.0.0, < 8.10.3 >= 7.0.0, < 7.17.14 CVE-2023-46673
maven MAVEN:GHSA-285M-VHFQ-XX4H Elasticsearch Improper Handling of Exceptional Conditions moderate 2023-11-22T12:30:26
(9 months ago)
Fixed = 8.10.3 = 7.17.14 CVE-2023-46673
maven MAVEN:GHSA-285M-VHFQ-XX4H Elasticsearch Improper Handling of Exceptional Conditions moderate 2023-11-22T12:30:26
(9 months ago)
Affected >= 8.0.0, < 8.9.0 < 7.17.13 CVE-2023-31418
maven MAVEN:GHSA-2CQF-6XV9-F22W Elasticsearch vulnerable to Uncontrolled Resource Consumption high 2023-10-26T18:30:23
(10 months ago)
Fixed = 8.9.0 = 7.17.13 CVE-2023-31418
maven MAVEN:GHSA-2CQF-6XV9-F22W Elasticsearch vulnerable to Uncontrolled Resource Consumption high 2023-10-26T18:30:23
(10 months ago)
Affected >= 8.0.0, < 8.11.2 < 7.17.16 CVE-2023-49921
maven MAVEN:GHSA-2HJR-VMF3-XWVP Elasticsearch Insertion of Sensitive Information into Log File moderate 2024-07-26T06:30:47
(7 weeks ago)
Fixed = 8.11.2 = 7.17.16 CVE-2023-49921
maven MAVEN:GHSA-2HJR-VMF3-XWVP Elasticsearch Insertion of Sensitive Information into Log File moderate 2024-07-26T06:30:47
(7 weeks ago)
Affected >= 7.0.0-alpha1, < 7.13.3 < 6.8.17 CVE-2021-22144
maven MAVEN:GHSA-3393-HVRJ-W7V3 Denial of Service in Elasticsearch moderate 2021-08-09T20:41:17
(3 years ago)
Fixed = 7.13.3 = 6.8.17 CVE-2021-22144
maven MAVEN:GHSA-3393-HVRJ-W7V3 Denial of Service in Elasticsearch moderate 2021-08-09T20:41:17
(3 years ago)
Affected >= 7.11.0, < 7.14.0 CVE-2021-22147
maven MAVEN:GHSA-45H5-R968-5XR7 Exposure of sensitive information in Elasticsearch moderate 2021-09-20T20:29:40
(3 years ago)
Fixed = 7.14.0 CVE-2021-22147
maven MAVEN:GHSA-45H5-R968-5XR7 Exposure of sensitive information in Elasticsearch moderate 2021-09-20T20:29:40
(3 years ago)
Affected > 8.10.0, < 8.14.0 CVE-2024-23445
maven MAVEN:GHSA-4C7Q-M7HC-PC92 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions moderate 2024-06-12T15:31:44
(3 months ago)
Fixed = 8.14.0 CVE-2024-23445
maven MAVEN:GHSA-4C7Q-M7HC-PC92 Elasticsearch Remote Cluster Search Cross Cluster API Key insufficient restrictions moderate 2024-06-12T15:31:44
(3 months ago)
Affected >= 8.13.1, < 8.14.0 CVE-2024-37280
maven MAVEN:GHSA-4Q22-422G-M4PJ Elasticsearch StackOverflow vulnerability moderate 2024-06-13T18:31:58
(3 months ago)
Fixed = 8.14.0 CVE-2024-37280
maven MAVEN:GHSA-4Q22-422G-M4PJ Elasticsearch StackOverflow vulnerability moderate 2024-06-13T18:31:58
(3 months ago)
Affected >= 7.7.0, < 7.10.2 CVE-2021-22132
maven MAVEN:GHSA-5FVX-2JJ3-6MFF Insufficiently Protected Credentials in Elasticsearch moderate 2021-03-18T19:27:27
(3 years ago)
Fixed = 7.10.2 CVE-2021-22132
maven MAVEN:GHSA-5FVX-2JJ3-6MFF Insufficiently Protected Credentials in Elasticsearch moderate 2021-03-18T19:27:27
(3 years ago)
Affected < 7.17.23 >= 8.0.0-alpha1, < 8.13.0 CVE-2024-23444
maven MAVEN:GHSA-5V8F-XX9M-WJ44 Elasticsearch stores private key on disk unencrypted moderate 2024-07-31T18:32:01
(6 weeks ago)
Fixed = 7.17.23 = 8.13.0 CVE-2024-23444
maven MAVEN:GHSA-5V8F-XX9M-WJ44 Elasticsearch stores private key on disk unencrypted moderate 2024-07-31T18:32:01
(6 weeks ago)
Affected < 6.8.15 >= 7.0.0, < 7.11.2 CVE-2021-22135
maven MAVEN:GHSA-62WW-4P3P-7FHJ API information disclosure flaw in Elasticsearch moderate 2021-07-02T18:33:02
(3 years ago)
Fixed = 6.8.15 = 7.11.2 CVE-2021-22135
maven MAVEN:GHSA-62WW-4P3P-7FHJ API information disclosure flaw in Elasticsearch moderate 2021-07-02T18:33:02
(3 years ago)
Affected < 1.4.0.Beta1 CVE-2014-6439
maven MAVEN:GHSA-8699-M855-CWQF Cross-site scripting in Elasticsearch moderate 2022-05-14T02:51:14
(2 years ago)
Fixed = 1.4.0.Beta1 CVE-2014-6439
maven MAVEN:GHSA-8699-M855-CWQF Cross-site scripting in Elasticsearch moderate 2022-05-14T02:51:14
(2 years ago)
Affected >= 8.0.0, < 8.9.2 >= 7.0.0, < 7.17.13 CVE-2023-31417
maven MAVEN:GHSA-99PC-69Q9-JXF2 Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs moderate 2023-10-26T18:30:23
(10 months ago)
Fixed = 8.9.2 = 7.17.13 CVE-2023-31417
maven MAVEN:GHSA-99PC-69Q9-JXF2 Elasticsearch allows insertion of sensitive information into log files when using deprecated URIs moderate 2023-10-26T18:30:23
(10 months ago)
Affected < 6.8.12 >= 7.0.0, < 7.9.0 CVE-2020-7019
maven MAVEN:GHSA-C77J-P484-H84M Improper privilege management in elasticsearch moderate 2022-05-24T17:26:07
(2 years ago)
Fixed = 6.8.12 = 7.9.0 CVE-2020-7019
maven MAVEN:GHSA-C77J-P484-H84M Improper privilege management in elasticsearch moderate 2022-05-24T17:26:07
(2 years ago)
Affected >= 6.5.0, < 6.5.2 CVE-2018-17247
maven MAVEN:GHSA-CCMR-QJ26-845G Improper Restriction of XML External Entity Reference in Elasticsearch moderate 2022-05-13T01:34:04
(2 years ago)
Fixed = 6.5.2 CVE-2018-17247
maven MAVEN:GHSA-CCMR-QJ26-845G Improper Restriction of XML External Entity Reference in Elasticsearch moderate 2022-05-13T01:34:04
(2 years ago)
Affected >= 7.0.0, <= 7.0.9 <= 6.8.13 CVE-2020-7021
maven MAVEN:GHSA-CQGV-256R-M9R8 Insertion of Sensitive Information into Log File in Elasticsearch moderate 2022-05-24T17:41:42
(2 years ago)
Fixed = 7.10.0 = 6.8.14 CVE-2020-7021
maven MAVEN:GHSA-CQGV-256R-M9R8 Insertion of Sensitive Information into Log File in Elasticsearch moderate 2022-05-24T17:41:42
(2 years ago)
Affected < 1.6.0 CVE-2015-4165
maven MAVEN:GHSA-FH5X-4J57-6Q5X Improper Access Control in Elasticsearch high 2022-05-14T02:48:29
(2 years ago)
Fixed = 1.6.0 CVE-2015-4165
maven MAVEN:GHSA-FH5X-4J57-6Q5X Improper Access Control in Elasticsearch high 2022-05-14T02:48:29
(2 years ago)
Affected >= 6.0.0, < 6.6.1 < 5.6.15 CVE-2019-7611
maven MAVEN:GHSA-FJ32-6V7M-57PG Improper Access Control in Elasticsearch high 2022-05-13T01:14:26
(2 years ago)
Fixed = 6.6.1 = 5.6.15 CVE-2019-7611
maven MAVEN:GHSA-FJ32-6V7M-57PG Improper Access Control in Elasticsearch high 2022-05-13T01:14:26
(2 years ago)
Affected >= 7.0.0, < 7.9.2 < 6.8.13 CVE-2020-7020
maven MAVEN:GHSA-G9FW-9X87-RMRJ Privilege Context Switching Error in Elasticsearch low 2021-03-18T19:27:13
(3 years ago)
Fixed = 7.9.2 = 6.8.13 CVE-2020-7020
maven MAVEN:GHSA-G9FW-9X87-RMRJ Privilege Context Switching Error in Elasticsearch low 2021-03-18T19:27:13
(3 years ago)
Affected >= 7.0.0, <= 7.6.1 >= 6.7.0, <= 6.8.7 CVE-2020-7009
maven MAVEN:GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch high 2022-05-24T17:13:01
(2 years ago)
Fixed = 7.6.2 = 6.8.8 CVE-2020-7009
maven MAVEN:GHSA-GFV5-GRX2-9JW2 Improper Privilege Management in Elasticsearch high 2022-05-24T17:13:01
(2 years ago)
Affected >= 7.0.0, < 7.6.2 >= 6.7.0, < 6.8.8 CVE-2020-7014
maven MAVEN:GHSA-HQQV-9X3V-MP7W Privilege Escalation Flaw in Elasticsearch moderate 2021-03-18T19:27:20
(3 years ago)
Fixed = 7.6.2 = 6.8.8 CVE-2020-7014
maven MAVEN:GHSA-HQQV-9X3V-MP7W Privilege Escalation Flaw in Elasticsearch moderate 2021-03-18T19:27:20
(3 years ago)
Affected <= 6.8.14 >= 7.11.0, <= 7.11.1 CVE-2021-22137
maven MAVEN:GHSA-HR65-QQ6P-87R4 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch moderate 2022-05-24T19:02:19
(2 years ago)
Fixed = 6.8.15 = 7.11.2 CVE-2021-22137
maven MAVEN:GHSA-HR65-QQ6P-87R4 Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch moderate 2022-05-24T19:02:19
(2 years ago)
Affected >= 7.6.0, < 7.11.0 CVE-2021-22134
maven MAVEN:GHSA-HWVV-438R-MHVJ Exposure of Sensitive Information to an Unauthorized Actor moderate 2021-03-18T19:23:57
(3 years ago)
Fixed = 7.11.0 CVE-2021-22134
maven MAVEN:GHSA-HWVV-438R-MHVJ Exposure of Sensitive Information to an Unauthorized Actor moderate 2021-03-18T19:23:57
(3 years ago)
Affected >= 7.0.0, <= 7.3.2 >= 6.7.0, <= 6.8.3 CVE-2019-7619
maven MAVEN:GHSA-HXP8-R9G3-GRFR Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch moderate 2022-05-24T17:00:08
(2 years ago)
Fixed = 7.4.0 = 6.8.4 CVE-2019-7619
maven MAVEN:GHSA-HXP8-R9G3-GRFR Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch moderate 2022-05-24T17:00:08
(2 years ago)
Affected <= 1.6.0 CVE-2015-5531
maven MAVEN:GHSA-JJQ8-VFJQ-J6V4 Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch moderate 2022-05-14T02:48:01
(2 years ago)
Fixed = 1.6.1 CVE-2015-5531
maven MAVEN:GHSA-JJQ8-VFJQ-J6V4 Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch moderate 2022-05-14T02:48:01
(2 years ago)
Affected >= 7.0.0, < 7.2.1 < 6.8.2 CVE-2019-7614
maven MAVEN:GHSA-JQM6-M3J3-8GG9 Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch moderate 2022-05-24T16:51:49
(2 years ago)
Fixed = 7.2.1 = 6.8.2 CVE-2019-7614
maven MAVEN:GHSA-JQM6-M3J3-8GG9 Concurrent Execution using Shared Resource with Improper Synchronization in Elasticsearch moderate 2022-05-24T16:51:49
(2 years ago)
Affected >= 7.16.0, < 7.17.1 CVE-2022-23710
maven MAVEN:GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana moderate 2022-03-04T00:00:15
(2 years ago)
Fixed = 7.17.1 CVE-2022-23710
maven MAVEN:GHSA-M6GG-86C6-GFR9 Withdrawn: Cross-site Scripting in Kibana moderate 2022-03-04T00:00:15
(2 years ago)
Affected >= 6.0.0, < 6.2.4 < 5.6.9 CVE-2018-3824
maven MAVEN:GHSA-MJPC-QX7H-R8C9 Elasticsearch subject to cross site scripting moderate 2022-05-13T01:32:17
(2 years ago)
Fixed = 6.2.4 = 5.6.9 CVE-2018-3824
maven MAVEN:GHSA-MJPC-QX7H-R8C9 Elasticsearch subject to cross site scripting moderate 2022-05-13T01:32:17
(2 years ago)
Affected >= 7.16.0, < 7.17.1 CVE-2022-23708
maven MAVEN:GHSA-PGQ6-CCQJ-HPQR Elasticsearch privilege escalation moderate 2022-03-04T00:00:15
(2 years ago)
Fixed = 7.17.1 CVE-2022-23708
maven MAVEN:GHSA-PGQ6-CCQJ-HPQR Elasticsearch privilege escalation moderate 2022-03-04T00:00:15
(2 years ago)
Affected >= 8.4.0, < 8.11.1 CVE-2024-23449
maven MAVEN:GHSA-PW39-F3M5-CXFC Elasticsearch Uncaught Exception leading to crash moderate 2024-03-29T12:30:42
(5 months ago)
Fixed = 8.11.1 CVE-2024-23449
maven MAVEN:GHSA-PW39-F3M5-CXFC Elasticsearch Uncaught Exception leading to crash moderate 2024-03-29T12:30:42
(5 months ago)
Affected >= 8.0.0, < 8.9.1 >= 7.0.0, < 7.17.13 CVE-2023-31419
maven MAVEN:GHSA-QWRX-45XF-JJF7 Elasticsearch vulnerable to stack overflow in the search API moderate 2023-10-26T18:30:23
(10 months ago)
Fixed = 8.9.1 = 7.17.13 CVE-2023-31419
maven MAVEN:GHSA-QWRX-45XF-JJF7 Elasticsearch vulnerable to stack overflow in the search API moderate 2023-10-26T18:30:23
(10 months ago)
Affected >= 8.10.0, < 8.13.0 CVE-2024-23451
maven MAVEN:GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability moderate 2024-03-27T18:32:39
(5 months ago)
Fixed = 8.13.0 CVE-2024-23451
maven MAVEN:GHSA-R3HX-QFH5-R9M7 Elasticsearch Incorrect Authorization vulnerability moderate 2024-03-27T18:32:39
(5 months ago)
Affected >= 6.0.0, < 6.4.1 >= 5.6.0, < 5.6.12 CVE-2018-3831
maven MAVEN:GHSA-R9FV-QPM9-RJ4G Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch high 2022-05-13T01:27:27
(2 years ago)
Fixed = 6.4.1 = 5.6.12 CVE-2018-3831
maven MAVEN:GHSA-R9FV-QPM9-RJ4G Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch high 2022-05-13T01:27:27
(2 years ago)
Affected >= 6.4.0, <= 6.4.2 CVE-2018-17244
maven MAVEN:GHSA-VPQM-88C4-X4CV Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch moderate 2022-05-13T01:34:04
(2 years ago)
Fixed = 6.4.3 CVE-2018-17244
maven MAVEN:GHSA-VPQM-88C4-X4CV Exposure of Sensitive Information to an Unauthorized Actor in Elasticsearch moderate 2022-05-13T01:34:04
(2 years ago)
Affected >= 8.0.0, < 8.13.0 >= 7.0.0, < 7.17.19 CVE-2024-23450
maven MAVEN:GHSA-W5GG-2Q56-6H4F Elasticsearch Uncontrolled Resource Consumption vulnerability moderate 2024-03-27T18:32:38
(5 months ago)
Fixed = 8.13.0 = 7.17.19 CVE-2024-23450
maven MAVEN:GHSA-W5GG-2Q56-6H4F Elasticsearch Uncontrolled Resource Consumption vulnerability moderate 2024-03-27T18:32:38
(5 months ago)
Affected >= 1.4.0, <= 1.4.2 <= 1.3.7 CVE-2015-1427
maven MAVEN:GHSA-W94P-6MHW-4QXW Improper Access Control in Elasticsearch high 2022-05-14T02:49:44
(2 years ago)
Fixed = 1.4.3 = 1.3.8 CVE-2015-1427
maven MAVEN:GHSA-W94P-6MHW-4QXW Improper Access Control in Elasticsearch high 2022-05-14T02:49:44
(2 years ago)
Affected >= 8.0.0, < 8.2.1 CVE-2022-23712
maven MAVEN:GHSA-WH6W-69XC-5RQ5 Improper Check for Unusual or Exceptional Conditions in Elasticsearch high 2022-06-07T00:00:33
(2 years ago)
Fixed = 8.2.1 CVE-2022-23712
maven MAVEN:GHSA-WH6W-69XC-5RQ5 Improper Check for Unusual or Exceptional Conditions in Elasticsearch high 2022-06-07T00:00:33
(2 years ago)
Affected >= 1.5.0, <= 1.5.1 <= 1.4.4 CVE-2015-3337
maven MAVEN:GHSA-X8Q8-4HP5-463W Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch moderate 2022-05-17T04:12:25
(2 years ago)
Fixed = 1.5.2 = 1.4.5 CVE-2015-3337
maven MAVEN:GHSA-X8Q8-4HP5-463W Improper Limitation of a Pathname to a Restricted Directory in Elasticsearch moderate 2022-05-17T04:12:25
(2 years ago)