CVE-2024-37280 Information

Description

A flaw was discovered in Elasticsearch affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

Reference

https://discuss.elastic.co/t/elasticsearch-8-14-0-security-update-esa-2024-14/361007