Hello, everybody.
According to the community's safety announcement:
"Elasticsearch StackOverflow vulnerability (ESA-2023-14)
A flaw was discovered in Elasticsearch, affecting the _search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
Affected Versions:
Elasticsearch versions from 7.0.0 to 7.17.12 and from 8.0.0 to 8.9.0
Solutions and Mitigations:
The issue is resolved in Elasticsearch 7.17.13 and 8.9.1
CVSSv3: 6.5 (Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2023-31419"
Currently we are on the OSS version of Elasticsearch 7.10.2. We are not in a position to upgrade to a newer version of Elasticsearch. What could be our option here?
We do not know which issue is associated with this security update or which PR fixed the issue.
Can someone help?