Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Elasticsearch uncontrolled resource consumption
Vulnerability Description
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer. An unauthenticated user could force an Elasticsearch node to exit with an OutOfMemory error by sending a moderate number of malformed HTTP requests. The issue was identified by Elastic Engineering and we have no indication that the issue is known or that it is being exploited in the wild.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
Elasticsearch 资源管理错误漏洞
Vulnerability Description
Elasticsearch是一个基于Lucene库的搜索引擎。 Elasticsearch 存在安全漏洞,该漏洞源于未经身份验证的用户可以通过发送适量的格式错误的 HTTP 请求来强制 Elasticsearch 节点退出并出现 OutOfMemory 错误。
CVSS Information
N/A
Vulnerability Type
N/A