Elasticsearch includes a version of AWS Java SDK For Amazon S3 with a security vulnerability #90358
Labels
Comments
|
Thank you for your report. Elastic's security reporting guidelines are available at https://www.elastic.co/community/security. Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to security@elastic.co We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled. Relates #88932 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Elasticsearch Version
8.4.1
Installed Plugins
No response
Java Version
bundled
OS Version
Linux 3f1511ad194d 5.15.0-47-generic #51-Ubuntu SMP Thu Aug 11 07:51:15 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Problem Description
Elasticsearch 8.4.1 includes AWS Java SDK For Amazon S3 version 1.11.749, for which CVE-2022-31159 has been reported (see GHSA-c28r-hw5m-5gv3)
Steps to Reproduce
Install Elasticsearch 8.4.1, list the content of the modules/repository-s3 directory.
Logs (if relevant)
No response
The text was updated successfully, but these errors were encountered: