{"id":"CVE-2021-22145","details":"A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.","aliases":["BIT-elasticsearch-2021-22145","GHSA-q394-h7f5-7f44"],"modified":"2026-04-10T04:29:57.689423Z","published":"2021-07-21T15:15:14.063Z","references":[{"type":"WEB","url":"https://gist.github.com/lucasdrufva/f9c5d7c9e26ee087b736d727953afd34"},{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elasticsearch-7-13-4-security-update/279177"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20210827-0006/"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/163648/ElasticSearch-7.13.3-Memory-Disclosure.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/elasticsearch","events":[{"introduced":"51e9d6f22758d0374a0f3f5c6e8f3a7997850f96"},{"last_affected":"5d21bea28db1e89ecc1f66311ebdec9dc3aa7d64"}],"database_specific":{"versions":[{"introduced":"7.10.0"},{"last_affected":"7.13.3"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22145.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"1.8.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}