{"id":"GHSA-wh6w-69xc-5rq5","summary":"Improper Check for Unusual or Exceptional Conditions in Elasticsearch","details":"A Denial of Service flaw was discovered in Elasticsearch 8.0.0 through 8.2.0. Using this vulnerability, an unauthenticated attacker could forcibly shut down an Elasticsearch node with a specifically formatted network request. Version 8.2.1 contains a patch.","aliases":["BIT-elasticsearch-2022-23712","CVE-2022-23712"],"modified":"2024-02-21T05:37:07.551306Z","published":"2022-06-07T00:00:33Z","database_specific":{"nvd_published_at":"2022-06-06T18:15:00Z","cwe_ids":["CWE-754"],"github_reviewed":true,"github_reviewed_at":"2022-06-07T21:15:18Z","severity":"HIGH"},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23712"},{"type":"WEB","url":"https://discuss.elastic.co/t/elastic-stack-7-17-4-and-8-2-1-security-update/305530"},{"type":"PACKAGE","url":"https://github.com/elastic/elasticsearch"},{"type":"WEB","url":"https://security.netapp.com/advisory/ntap-20220707-0010"},{"type":"WEB","url":"https://www.elastic.co/community/security"}],"affected":[{"package":{"name":"org.elasticsearch:elasticsearch","ecosystem":"Maven","purl":"pkg:maven/org.elasticsearch/elasticsearch"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.0.0"},{"fixed":"8.2.1"}]}],"versions":["8.0.0","8.0.1","8.1.0","8.1.1","8.1.2","8.1.3","8.2.0"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/06/GHSA-wh6w-69xc-5rq5/GHSA-wh6w-69xc-5rq5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}