An uncaught exception in Elasticsearch >= 8.4.0 and < 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypted PDF files.
References
Configurations
No configuration.
History
21 Nov 2024, 08:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References | () https://discuss.elastic.co/t/elasticsearch-8-11-1-security-update-esa-2024-05/356458 - |
29 Mar 2024, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-29 12:15
Updated : 2024-11-21 08:57
NVD link : CVE-2024-23449
Mitre link : CVE-2024-23449
CVE.ORG link : CVE-2024-23449
JSON object : View
Products Affected
No product.
CWE
CWE-248
Uncaught Exception