Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-56r7-h6mw-rcfv: Elasticsearch: Insertion of Sensitive Information into Log File via reindex API

Insertion of sensitive information in log file in Elasticsearch can lead to loss of confidentiality under specific preconditions when auditing requests to the reindex API https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-reindex

ghsa
#git#java#maven
  1. GitHub Advisory Database
  2. GitHub Reviewed
  3. CVE-2025-37727

Elasticsearch: Insertion of Sensitive Information into Log File via reindex API

Moderate severity GitHub Reviewed Published Oct 10, 2025 to the GitHub Advisory Database • Updated Oct 11, 2025

Package

maven org.elasticsearch:elasticsearch (Maven)

Affected versions

>= 7.0.0, < 8.18.8

>= 8.19.0, < 8.19.5

>= 9.0.0-beta1, < 9.0.8

>= 9.1.0, < 9.1.5

Patched versions

8.18.8

8.19.5

9.0.8

9.1.5

Description

Published to the GitHub Advisory Database

Oct 10, 2025

Last updated

Oct 11, 2025

ghsa: Latest News

GHSA-fhwm-pc6r-4h2f: CommandKit has incorrect command name exposure in context object for message command aliases