{"id":"CVE-2024-23450","details":"A flaw was discovered in Elasticsearch, where processing a document in a deeply nested pipeline on an ingest node could cause the Elasticsearch node to crash.","aliases":["BIT-elasticsearch-2024-23450","GHSA-w5gg-2q56-6h4f"],"modified":"2026-04-12T05:53:17.834606Z","published":"2024-03-27T17:15:53.857Z","related":["CGA-v27m-842c-f4w6"],"references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elasticsearch-8-13-0-7-17-19-security-update-esa-2024-06/356314"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240517-0010/"},{"type":"ADVISORY","url":"https://www.elastic.co/community/security"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/elasticsearch","events":[{"introduced":"b7e28a7232616c7a21bc879a535d801b8553ba77"},{"fixed":"92f290e9537478f85ff3fe3ab39945c1a49a6c1a"},{"introduced":"1b6a7ece17463df5ff54a3e1302d825889aa1161"},{"fixed":"09df99393193b2c53d92899662a8b8b3c55b45cd"}],"database_specific":{"versions":[{"introduced":"7.0.0"},{"fixed":"7.17.19"},{"introduced":"8.0.0"},{"fixed":"8.13.0"}]}}],"database_specific":{"vanir_signatures_modified":"2026-04-12T05:53:17Z","vanir_signatures":[{"id":"CVE-2024-23450-03f25105","digest":{"line_hashes":["82047729086430910756604278104193458802","131410135016128987439099169873091096185","307499659489575771444191318791584808901","283573415662965770105778062442554353810","246118581985204571158009790777095832719","11882487284426012650628006900929671532"],"threshold":0.9},"deprecated":false,"target":{"file":"server/src/internalClusterTest/java/org/elasticsearch/snapshots/SnapshotStressTestsIT.java"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/92f290e9537478f85ff3fe3ab39945c1a49a6c1a"},{"id":"CVE-2024-23450-939533c3","digest":{"length":1180,"function_hash":"12158914231129088094406129298884796573"},"deprecated":false,"target":{"function":"startCleaner","file":"server/src/internalClusterTest/java/org/elasticsearch/snapshots/SnapshotStressTestsIT.java"},"signature_type":"Function","signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/92f290e9537478f85ff3fe3ab39945c1a49a6c1a"},{"id":"CVE-2024-23450-9616b188","digest":{"line_hashes":["36530912574437381226782567206995626327","244108005552100167940772669739727799311","122676380888478570388070130641794056358"],"threshold":0.9},"deprecated":false,"target":{"file":"server/src/test/java/org/elasticsearch/threadpool/ThreadPoolTests.java"},"signature_type":"Line","signature_version":"v1","source":"https://github.com/elastic/elasticsearch/commit/09df99393193b2c53d92899662a8b8b3c55b45cd"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-23450.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}