Path to dependency file: /elasticsearch/build.gradle.kts
Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.apache.lucene/lucene-core/8.7.0/ed64084a1502c2a6a411cbd9826131b81e0bf07f/lucene-core-8.7.0.jar
Apache Lucene through 7.x and 8.x before 8.10 is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this vulnerability to consume all available CPU resources.
Vulnerable Library - lucene-core-8.7.0.jar
Apache Lucene Java Core
Library home page: http://www.apache.org/
Found in HEAD commit: f6d2dad5acc2cc4171db53e59d2389ab0005f9ff
Vulnerabilities
\*\*In some cases, a Remediation PR cannot be created automatically for a vulnerability despite the availability of remediation.
Details
WS-2021-0646
Dependency Hierarchy:
- :x: **lucene-core-8.7.0.jar** (Vulnerable Library)
Found in base branch: main
### Vulnerability Details

Apache Lucene through 7.x and 8.x before 8.10 is vulnerable to a denial of service. By sending a specific regular expression query, a remote attacker could exploit this vulnerability to consume all available CPU resources.
Publish Date: 2021-05-11
URL: WS-2021-0646
### CVSS 3 Score Details (5.3)

Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: Low

### Suggested Fix

Type: Upgrade version
Origin: https://exchange.xforce.ibmcloud.com/vulnerabilities/216835
Release Date: 2021-05-11
Fix Resolution: 8.10.0
:rescue_worker_helmet: Automatic Remediation will be attempted for this issue.