{"id":"CVE-2024-37280","details":"A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.","aliases":["BIT-elasticsearch-2024-37280","GHSA-4q22-422g-m4pj"],"modified":"2026-03-14T12:34:53.549930Z","published":"2024-06-13T17:15:50.967Z","related":["CGA-xvx3-fq53-8f3x"],"references":[{"type":"ADVISORY","url":"https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240816-0003/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/elastic/elasticsearch","events":[{"introduced":"9287f29bba5e270bd51d557b8daccb7d118ba247"},{"fixed":"8d96bbe3bf5fed931f3119733895458eab75dca9"}],"database_specific":{"versions":[{"introduced":"8.13.1"},{"fixed":"8.14.0"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-37280.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}]}