Security
Headlines

Headlines Latest CVEs

Headline

GHSA-qf7c-7r9h-mm92: Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data

Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial of service (OOM crash) via submission of oversized user settings data.

22 hours ago

#dos #git #java #intel #auth #maven

Skip to content

Navigation Menu

- AI CODE CREATION
  - GitHub CopilotWrite better code with AI
  - GitHub SparkBuild and deploy intelligent apps
  - GitHub ModelsManage and compare prompts
  - MCP RegistryNewIntegrate external tools

View all features

Pricing

Provide feedback

Saved searches****Use saved searches to filter your results more quickly

Sign up

Appearance settings

GitHub Advisory Database
GitHub Reviewed
CVE-2025-68384

Elasticsearch has Excessive Allocation of Resources via Submission of Oversized User Settings Data

Moderate severity GitHub Reviewed Published Dec 19, 2025 to the GitHub Advisory Database • Updated Dec 19, 2025

Package

maven org.elasticsearch.plugin:x-pack-security (Maven)

Affected versions

< 8.19.9

>= 9.0.0, < 9.1.9

>= 9.2.0, < 9.2.3

Patched versions

8.19.9

9.1.9

9.2.3

Description

Published to the GitHub Advisory Database

Dec 19, 2025

Last updated

Dec 19, 2025

EPSS score

ghsa: Latest News

GHSA-24v3-254g-jv85: Tuta Mail has DOM attribute and CSS injection in its Contact Viewer feature

1 hour ago

GHSA-4hx9-48xh-5mxr: Keycloak LDAP User Federation provider enables admin-triggered untrusted Java deserialization

1 hour ago

GHSA-5j53-63w8-8625: FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

2 hours ago

GHSA-72mh-hgpm-6384: Orejime has executable code in HTML attributes

4 hours ago

GHSA-v4p2-2w39-mhrj: Apache NiFi GetAsanaObject Processor has Remote Code Execution via Unsafe Deserialization

10 hours ago