CVE-2024-52979

Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:elastic:elasticsearch::::::::
	cpe:2.3:a:elastic:elasticsearch::::::::

History

No history.

Information

Published : 2025-05-01 14:15

Updated : 2025-10-02 16:40

NVD link : CVE-2024-52979

Mitre link : CVE-2024-52979

CVE.ORG link : CVE-2024-52979

JSON object : View

Products Affected

elastic

elasticsearch

CWE

CWE-400

Uncontrolled Resource Consumption

{"id": "CVE-2024-52979", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-05-01T14:15:35.690", "references": [{"url": "https://discuss.elastic.co/t/elasticsearch-7-17-25-and-8-16-0-security-update-esa-2024-40/377709", "tags": ["Patch", "Vendor Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "Uncontrolled Resource Consumption in Elasticsearch while evaluating specifically crafted search templates with Mustache functions can lead to Denial of Service by causing the Elasticsearch node to crash."}, {"lang": "es", "value": "El consumo descontrolado de recursos en Elasticsearch al evaluar plantillas de b\u00fasqueda espec\u00edficamente manipuladas con funciones Mustache puede provocar una denegaci\u00f3n de servicio al provocar que el nodo Elasticsearch se bloquee."}], "lastModified": "2025-10-02T16:40:31.107", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F052AD00-C5CE-48F1-B778-58B55F289A60", "versionEndExcluding": "7.17.25"}, {"criteria": "cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C417EF1-3893-4D5F-AFD2-9B4B771F38D3", "versionEndExcluding": "8.16.0", "versionStartIncluding": "8.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}