
CVE-2024-43709: Elasticsearch allocation of resources without limits or throttling leads to crash

CVSS Score: 6.5 (CVSS 3.1)

Basic Information

EPSS Score: 0.36897%
Published: 1/21/2025
Updated: 2/21/2025
KEV Status: No
Technology: Java

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Package Name | Ecosystem | Vulnerable Versions | First Patched Version
org.elasticsearch:elasticsearch | maven | < 7.17.21 | 7.17.21
org.elasticsearch:elasticsearch | maven | >= 8.0.0, < 8.13.3 | 8.13.3

Vulnerability Intelligence
Root Cause Analysis: In progress

WAF Protection Rules

WAF Rule

An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.

Reasoning

No analysis available