CVE-2024-52979
MEDIUM 6.5, EPSS 0.20%
Elasticsearch Uncontrolled Resource Consumption vulnerability
Published: 5/1/2025
Modified: 10/3/2025
Description
Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.
Affected packages (2)
- Bitnami/elasticsearch: >= 7.17.0, < 7.17.25; >= 8.0.0, < 8.16.0
- Maven/org.elasticsearch:elasticsearch: from 0, < 7.17.25
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
References (6)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-52979
- PATCH: https://github.com/elastic/elasticsearch
- WEB: https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709
- WEB: https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91
- WEB: https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf
- WEB: https://github.com/elastic/elasticsearch/pull/114002