Home > Vulnerability Database > CVE-2024-52979

Mend.io Vulnerability Database

CVE-2024-52979

Good to know:

Date: May 1, 2025

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

Severity Score

6.5

Related Resources (7)

Url: https://github.com/elastic/elasticsearch/commit/cbde7f456d7ccd98556302fccf3238bb4557fc91

Url: https://github.com/elastic/elasticsearch/commit/f9b6b57d1d0f76e2d14291c04fb50abeb642cfbf

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52979

Url: https://github.com/elastic/elasticsearch

Url: https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709

Url: https://github.com/elastic/elasticsearch/pull/114002

Url: https://www.mend.io/vulnerability-database/CVE-2024-52979

Severity Score

6.5

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version org.elasticsearch.plugin:lang-mustache-client:7.17.25;org.elasticsearch:elasticsearch:7.17.25;org.elasticsearch:elasticsearch:8.16.0;https://github.com/elastic/elasticsearch.git - v7.17.25;https://github.com/elastic/elasticsearch.git - v8.16.0

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52979

Good to know:

Date: May 1, 2025

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?