Vulnerabilities > Elastic > Elasticsearch > 6.8.15

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-46674 Deserialization of Untrusted Data vulnerability in Elastic Elasticsearch
An issue was identified that allowed the unsafe deserialization of java objects from hadoop or spark configuration properties that could have been modified by authenticated users.
local
low complexity
elastic CWE-502
7.8
2023-10-26 CVE-2023-31418 Resource Exhaustion vulnerability in Elastic Elasticsearch
An issue has been identified with how Elasticsearch handled incoming requests on the HTTP layer.
network
low complexity
elastic CWE-400
7.5
2021-07-26 CVE-2021-22144 Uncontrolled Recursion vulnerability in multiple products
In Elasticsearch versions before 7.13.3 and 6.8.17 an uncontrolled recursion vulnerability that could lead to a denial of service attack was identified in the Elasticsearch Grok parser.
network
low complexity
elastic oracle CWE-674
6.5