{"id":"CVE-2021-22144","details":"In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.","aliases":["BIT-elasticsearch-2021-22144","GHSA-3393-hvrj-w7v3"],"modified":"2026-04-11T23:34:03.737089Z","published":"2021-07-26T12:15:08.547Z","references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elasticsearch-7-13-3-and-6-8-17-security-update/278100"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210827-0006/"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/elasticsearch","events":[{"introduced":"0"},{"fixed":"206f6a2512f2ca690999b77a5c759ab214536b82"},{"introduced":"b7e28a7232616c7a21bc879a535d801b8553ba77"},{"fixed":"5d21bea28db1e89ecc1f66311ebdec9dc3aa7d64"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"6.8.17"},{"introduced":"7.0.0"},{"fixed":"7.13.3"}]}}],"versions":["v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.14.0","v0.15.0","v0.16.0","v0.17.0","v0.18.0","v0.19.0","v0.19.0.RC1","v0.19.0.RC2","v0.19.0.RC3","v0.20.0.RC1","v0.4.0","v0.5.0","v0.5.1","v0.6.0","v0.7.0","v0.7.1","v0.8.0","v0.9.0","v0.90.0","v0.90.0.Beta1","v0.90.0.RC1","v0.90.0.RC2","v1.0.0.Beta1","v1.0.0.Beta2","v1.0.0.RC1","v6.0.0-alpha1","v6.0.0-alpha2","v6.7.0","v6.7.1","v6.7.2","v6.8.0","v6.8.1","v6.8.10","v6.8.11","v6.8.12","v6.8.13","v6.8.14","v6.8.15","v6.8.16","v6.8.2","v6.8.3","v6.8.4","v6.8.5","v6.8.6","v6.8.7","v6.8.8","v6.8.9","v7.0.0-alpha1","v7.0.0-alpha2","v7.13.0","v7.13.1","v7.13.2"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.8.0"}]}],"vanir_signatures":[{"signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82","id":"CVE-2021-22144-094892b5","digest":{"threshold":0.9,"line_hashes":["46306908087834685596391033629543643063","309639364621793396813014594316873131855","29128284626522818738713589723885160495","161871899510850400620560954403845436989","11189868176976358190645651809106375237","252283072025772185312066259196494384069","186764478831357170795648974055168900478","16834889254463775560960843331988962190","336340090449089775032792466573808690249","120694549646089050654449180204196627811","91447881726955768689021406281828727085","169835636148755964864088097702761135007","164818499281119662862618001252267262545","142654126224155807598745608946083563969","113745486366100676625722287093107010606","159318981080328462933766738409863797493","313525545417608629117318777636242382908","309751647087901041984143822284033753378","101508310946298798877821549722829592093","183220078846225271179781572169631705799"]},"deprecated":false,"target":{"file":"libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"},"signature_type":"Line"},{"signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82","id":"CVE-2021-22144-729625b6","digest":{"length":511,"function_hash":"78606588141394941292377601035551429948"},"deprecated":false,"target":{"function":"Grok","file":"libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82","id":"CVE-2021-22144-743d25e2","digest":{"length":338,"function_hash":"314977716389471019717029041633733458541"},"deprecated":false,"target":{"function":"forbidCircularReferences","file":"libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"},"signature_type":"Function"},{"signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/206f6a2512f2ca690999b77a5c759ab214536b82","id":"CVE-2021-22144-e1f0827d","digest":{"length":1164,"function_hash":"331130921924370190697642416796273392643"},"deprecated":false,"target":{"function":"innerForbidCircularReferences","file":"libs/grok/src/main/java/org/elasticsearch/grok/Grok.java"},"signature_type":"Function"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22144.json","vanir_signatures_modified":"2026-04-11T23:34:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}]}