{ "schema_version": "1.4.0", "id": "GHSA-5xm9-x7x4-4j5x", "modified": "2025-05-27T17:22:57Z", "published": "2025-04-08T18:34:43Z", "aliases": [ "CVE-2024-52981" ], "summary": "Elasticsearch Vulnerable to Stack Overflow due to a Large Recursion", "details": "An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H" } ], "affected": [ { "package": { "ecosystem": "Maven", "name": "org.elasticsearch:elasticsearch" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "7.17.0" }, { "fixed": "7.17.24" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 7.17.23" } }, { "package": { "ecosystem": "Maven", "name": "org.elasticsearch:elasticsearch" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "8.0.0-alpha1" }, { "fixed": "8.15.1" } ] } ], "database_specific": { "last_known_affected_version_range": "<= 8.15.0" } } ], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52981" }, { "type": "WEB", "url": "https://github.com/elastic/elasticsearch/commit/097fc0654f9305e01402a06c82926bb04ebe5495" }, { "type": "WEB", "url": "https://github.com/elastic/elasticsearch/commit/91ddb124219a5be992644fcf78d7d061e4b7d44c" }, { "type": "WEB", "url": "https://github.com/elastic/elasticsearch/commit/f0948d38fdc811eca4a4b71dcb81a9b7dbb654b3" }, { "type": "WEB", "url": "https://discuss.elastic.co/t/elasticsearch-7-17-24-and-8-15-1-security-update-esa-2024-37/376924" }, { "type": "PACKAGE", "url": "https://github.com/elastic/elasticsearch" } ], "database_specific": { "cwe_ids": [ "CWE-400" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2025-04-09T13:06:43Z", "nvd_published_at": "2025-04-08T17:15:35Z" } }