VDB

CVE-2021-22144

CVE-2021-22144 PUBLISHED

In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser. A user with the ability to submit arbitrary queries to Elasticsearch could create a malicious Grok query that will crash the Elasticsearch node.

EPSS 0.21% · 43.7th percentile

Risk Scores

EPSS Score
0.21%
43.7th percentile

Affected Products

VendorProductVersions
Bitnamielasticsearch0, 7.0.0, 0
Bitnamielasticsearch0, 7.0.0

Timeline

  • CVE Published
  • Jul 27, 2021 EPSS Score
  • Sep 24, 2021 EPSS Score
  • Nov 22, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Mar 21, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 19, 2022 EPSS Score
  • Jul 18, 2022 EPSS Score
  • Sep 15, 2022 EPSS Score
  • Nov 14, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›