漏洞描述
Elasticsearch7.10中发现了内存泄漏漏洞。7.10至7.13.3错误报告。能够向Elasticsearch提交任意查询的用户可能会提交格式不正确的查询,这将导致返回包含以前使用的数据缓冲区部分的错误消息。此缓冲区可能包含敏感信息,如Elasticsearch文档或身份验证详细信息。
ElasticSearch 内存泄露(CVE-2021-22145)
PoC代码
暂无相关漏洞推荐
-
CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE POC
2025-09-01 | ElasticSearchThe default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote... -
CVE-2015-1427: ElasticSearch - Remote Code Execution POC
2025-09-01 | ElasticSearchElasticSearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox prot... -
CVE-2015-3337: Elasticsearch CVE-2015-3337 POC
2025-09-01 | Elasticsearchfofa app="elastic-Elasticsearch" -
ShowDoc /server/index.php?s=/api/adminUpdate/download 文件上传漏洞(CVE-2021-36440) 无POC
2025-09-12 | ShowDocShowDoc 2.9.5版本存在一个高危的文件上传漏洞(CVE-2021-36440),该漏洞源于系统未能对上传文件的类型进行充分验证。攻击者可以绕过安全限制上传任意类型的危险文件,包括但不限于PH... -
CVE-2021-1497: Cisco HyperFlex HX Data Platform - Remote Command Execution POC
2025-09-01 | Cisco HyperFlex HX Data PlatformCisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that coul...