CVE-2024-23450 – Elasticsearch Uncontrolled Resource Consumption vulnerability
https://notcve.org/view.php?id=CVE-2024-23450
A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash. Se descubrió una falla en Elasticsearch, donde el procesamiento de un documento en una canalización profundamente anidada en un nodo de ingesta podría provocar que el nodo Elasticsearch fallara. • https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314 https://security.netapp.com/advisory/ntap-20240517-0010 https://www.elastic.co/community/security • CWE-400: Uncontrolled Resource Consumption •
CVE-2023-46673
https://notcve.org/view.php?id=CVE-2023-46673
It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API. Se identificó que los scripts con formato incorrecto utilizados en el procesador de scripts de una canalización de ingesta podrían provocar que un nodo de Elasticsearch fallara al llamar a la API Simulate Pipeline. • https://discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708 https://www.elastic.co/community/security • CWE-755: Improper Handling of Exceptional Conditions •