CVE-2021-22145 - AskarLabs CVE Database

CVE-2021-22145

Vendor Elastic

Product Elasticsearch

Weakness CWE-200 · Info exposure

Published July 21, 2021

Last update July 8, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A memory disclosure vulnerability was identified in Elasticsearch 7.10.0 to 7.13.3 error reporting. A user with the ability to submit arbitrary queries to Elasticsearch could submit a malformed query that would result in an error message returned containing previously used portions of a data buffer. This buffer could contain sensitive information such as Elasticsearch documents or authentication details.

Key dates

02Disclosure timeline

July 21, 2021 CVE published

July 8, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-22145 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/200.html

Related vulnerabilities

04Related CVE

CVE-2024-34368 WordPress Mooberry Book Manager plugin <= 4.15.12 - Sensitive Data Exposure vulnerability CVE-2020-3259 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability CVE-2025-33051 Microsoft Exchange Server Information Disclosure Vulnerability CVE-2022-43573 IBM Robotic Process Automation information disclosure CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects