Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Elasticsearch Security versions 6.5.0 and 6.5.1 contain an XXE flaw in Machine Learning's find_file_structure API. If a policy allowing external network access has been added to Elasticsearch's Java Security Manager then an attacker could send a specially crafted request capable of leaking content of local files on the Elasticsearch node. This could allow a user to access information that they should not have access to.
CVSS Information
N/A
Vulnerability Type
XML外部实体引用的不恰当限制(XXE)
Vulnerability Title
Elasticsearch Security 跨站脚本漏洞
Vulnerability Description
Elasticsearch是荷兰Elasticsearch公司的一套基于Lucene构建的开源分布式RESTful搜索引擎,它主要用于云计算中,并支持通过HTTP使用JSON进行数据索引。Security是其中的一个数据保护组件。 Elasticsearch Security 6.5.0版本和6.5.1版本中的Machine Learning的find_file_structure API存在跨站脚本漏洞。远程攻击者可通过发送特制的请求利用该漏洞泄露Elasticsearch节点上的本地文件。
CVSS Information
N/A
Vulnerability Type
N/A