CGA-rh67-44fp-rr7c

Published

Last updated

https://images.chainguard.dev/security/CGA-rh67-44fp-rr7c

Package

camunda-zeebe-8.6

Repository

Chainguard

Latest Update

Pending upstream fix

Aliases

CVE-2024-52980
GHSA-ghfh-p92w-j4mg

Severity

Unknown

Summary

Elasticsearch Potential Node Crash due to Large Recursion in innerForbidCircularReferences Function

Description

A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash.

A successful attack requires a malicious user to have read_pipeline Elasticsearch cluster privilege assigned to them.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-52980
https://github.com/advisories/GHSA-ghfh-p92w-j4mg
https://discuss.elastic.co/t/elasticsearch-8-15-1-security-update-esa-2024-34/376919
https://github.com/elastic/elasticsearch

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CGA-rh67-44fp-rr7c

Severity

Summary

Description

References

Updates

Products

Why Chainguard

Customers

Company

Resources