6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-43709

GHSA ID

GHSA-jgx4-7v3v-vwfm

EPSS Score

0.36897%

CWE

CWE-770

Published

1/21/2025

Updated

2/21/2025

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2024-43709

CVE-2024-43709: Elasticsearch allocation of resources without limits or throttling leads to crash

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

(GitHub Advisory)

6.5

CVSS Score

3.1

Basic Information

CVE ID

CVE-2024-43709

GHSA ID

GHSA-jgx4-7v3v-vwfm

EPSS Score

0.36897%

CWE

CWE-770

Published

1/21/2025

Updated

2/21/2025

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.elasticsearch:elasticsearch	maven	< 7.17.21	7.17.21
org.elasticsearch:elasticsearch	maven	>= 8.0.0, < 8.13.3	8.13.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

*n *llo**tion o* r*sour**s wit*out limits or t*rottlin* in *l*sti*s**r** **n l*** to *n OutO*M*mory*rror *x**ption r*sultin* in * *r*s* vi* * sp**i*lly *r**t** qu*ry usin* *n SQL *un*tion.

Reasoning

No *n*lysis *v*il**l*

6.5

Basic Information

Concerned about an active attack path?

CVE-2024-43709: Elasticsearch allocation of resources without limits or throttling leads to crash

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI