AIKIDO-2024-10449
github.com/blevesearch/bleve/v2 is vulnerable to Denial of Service (DoS)
17
Low
github.com/blevesearch/bleve/v2 go
AIKIDO-2024-10449: github.com/blevesearch/bleve/v2 is vulnerable to Denial of Service (DoS) in versions 0.1.0 - 2.4.2.
Denial of Service (DoS)
Vuln in 0.1.0 - 2.4.2
Fixed in 2.4.3
No CVE available
TL;DR
Affected versions of the package are vulnerable to denial of service. An attacker could abuse the fact that some searches result in crashes.
Who does this affect?
You're affected if you are using a version which is within vulnerability ranges.
How can it be fixed?
Upgrade github.com/blevesearch/bleve/v2 library to patch version.
Background info
Don’t be left in the dark
With in-house intel and access to top vulnerability databases, see it all with Aikido.
© 2024 Aikido Security BV | BE0792914919
🇪🇺 Grauwpoort 1, 9000 Ghent, Belgium
🇺🇸 95 Third St, 2nd Fl, San Francisco, CA 94103, US