CVE-2023-46673: Elasticsearch Improper Handling of Exceptional Conditions

November 22, 2023

It was identified that malformed scripts used in the script processor of an Ingest Pipeline could cause an Elasticsearch node to crash when calling the Simulate Pipeline API.

References

discuss.elastic.co/t/elasticsearch-7-17-14-8-10-3-security-update-esa-2023-24/347708
github.com/advisories/GHSA-285m-vhfq-xx4h
nvd.nist.gov/vuln/detail/CVE-2023-46673
www.elastic.co/community/security

Code Behaviors & Features

Detect and mitigate CVE-2023-46673 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →