A flaw was discovered in Elasticsearch, affecting the
_search API that allowed a specially crafted query string to cause a Stack Overflow and ultimately a Denial of Service.
Elasticsearch versions from 7.0.0 to 7.17.12 and from 8.0.0 to 8.9.0
The issue is resolved in Elasticsearch 7.17.13 and 8.9.1
CVSSv3: 6.5 (Medium) - AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVE ID: CVE-2023-31419