What is CVE-2024-37280?

A flaw was discovered in Elasticsearch, affecting document ingestion when an index template contains a dynamic field mapping of “passthrough” type. Under certain circumstances, ingesting documents in this index would cause a StackOverflow exception to be thrown and ultimately lead to a Denial of Service. Note that passthrough fields is an experimental feature.

What is the severity of CVE-2024-37280?

CVE-2024-37280 has a CVSS v3 score of 4.9, which is classified as Medium severity.

Is there an exploit available for CVE-2024-37280?

No known public exploits are currently available for CVE-2024-37280.

Is there a patch available for CVE-2024-37280?

Yes, patches are available for CVE-2024-37280. Check the vendor advisories for update instructions.

CVE-2024-37280 - CVE Details, Severity, and Analysis

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

Vendor	Product
Elastic	Elasticsearch

CVE-2024-37280 - CVE Details, Severity, and Analysis | Strobes VI