CVE-2021-22140
Published: May 13, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
Elastic App Search versions after 7.11.0 and before 7.12.0 contain an XML External Entity Injection issue (XXE) in the App Search web crawler beta feature. Using this vector, an attacker whose website is being crawled by App Search could craft a malicious sitemap.xml to traverse the filesystem of the host running the instance and obtain sensitive files.
| Vendor | Product | Versions |
|---|---|---|
| Elastic | Elastic App Search | affected after 7.11.0 and before 7.12.0 |
Weaknesses (CWE)
References
https://discuss.elastic.co/t/7-12-1-security-update/271433
x_refsource_MISC