Denial of service vulnerability in Elasticsearch - CVE-2024-23449 (dpkg)
ID: oval:org.secpod.oval:def:99670 | Date: (C)2024-05-03 (M)2024-05-03
Class: VULNERABILITY | Family: unix
The host is installed with Elasticsearch 8.4.0 or later, before 8.11.1, and is prone to a denial of service vulnerability. A flaw is present in the application, which fails to properly handle an uncaught exception when an encrypted PDF is passed to an attachment processor through the REST API. Successful exploitation allows attackers to crash the Elasticsearch ingest node that attempts to parse the PDF file.