PT-2025-18392 · Elastic · Elasticsearch

Published

2025-05-01

Updated

2025-10-02

CVE-2024-52979

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Elasticsearch (affected versions not specified)

Description The issue is related to Uncontrolled Resource Consumption in Elasticsearch. It occurs when the system evaluates specifically crafted search templates that utilize Mustache functions. This can lead to a Denial of Service, causing the Elasticsearch node to crash.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

BIT-ELASTICSEARCH-2024-52979

CVE-2024-52979

GHSA-MM3M-5497-XGGG

Affected Products

Elasticsearch

PT-2025-18392 · Elastic · Elasticsearch

CVE-2024-52979

Weakness Enumeration

Related Identifiers

Affected Products

References · 15