Elasticsearch 7.17.25 and 8.16.0 Security Update (ESA-2024-40)

ismisepaul · May 1, 2025, 10:13am

Elasticsearch Uncontrolled Resource Consumption vulnerability(ESA-2024-40)

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

Affected Versions:
Elasticsearch versions < 7.17.25 and Elasticsearch versions < 8.16.0

Solutions and Mitigations:
The issue is resolved in versions 7.17.25 and 8.16.0

Severity: CVSSv3.1: 6.5 (Medium) AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2024-52979

Topic		Replies	Views
Elasticsearch 8.13.0 / 7.17.19 Security Update (ESA-2024-06) Security Announcements	0	9305	March 27, 2024
Elasticsearch 7.17.24 and 8.15.1 Security Update (ESA-2024-37) Security Announcements	0	1203	April 8, 2025
Elasticsearch 8.15.1 Security Update (ESA-2024-34) Security Announcements	0	778	April 8, 2025
Elasticsearch 7.13.3 and 6.8.17 Security Update Security Announcements	1	14622	November 4, 2022
Elasticsearch 8.9.0, 7.17.13 Security Update Security Announcements	0	15034	September 22, 2023

Elasticsearch 7.17.25 and 8.16.0 Security Update (ESA-2024-40)

Related topics