Publish GHSA-mw3v-mmfw-3x2g

advisory-database[bot] · advisory-database[bot] · commit 297ef0bfe712 · 2025-12-02T22:12:07.000Z
diff --git a/advisories/github-reviewed/2025/11/GHSA-mw3v-mmfw-3x2g/GHSA-mw3v-mmfw-3x2g.json b/advisories/github-reviewed/2025/11/GHSA-mw3v-mmfw-3x2g/GHSA-mw3v-mmfw-3x2g.json
@@ -1,14 +1,18 @@
 {
   "schema_version": "1.4.0",
   "id": "GHSA-mw3v-mmfw-3x2g",
-  "modified": "2025-11-26T22:10:36Z",
+  "modified": "2025-12-02T22:09:57Z",
   "published": "2025-11-25T21:32:07Z",
   "aliases": [
     "CVE-2025-9624"
   ],
   "summary": "OpenSearch is vulnerable to DoS via complex query_string inputs",
-  "details": "A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.\n\nThis issue affects all OpenSearch versions below 3.2.0.",
+  "details": "A vulnerability in OpenSearch allows attackers to cause Denial of Service (DoS) by submitting complex query_string inputs.\n\nThis issue affects all OpenSearch versions below 2.19.4 and versions 3.0.0 through 3.2.0.",
   "severity": [
+    {
+      "type": "CVSS_V3",
+      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
+    },
     {
       "type": "CVSS_V4",
       "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H"
@@ -25,14 +29,33 @@
           "type": "ECOSYSTEM",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "3.0.0"
             },
             {
               "fixed": "3.3.0"
             }
           ]
         }
       ]
+    },
+    {
+      "package": {
+        "ecosystem": "Maven",
+        "name": "org.opensearch:opensearch-common"
+      },
+      "ranges": [
+        {
+          "type": "ECOSYSTEM",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "2.19.4"
+            }
+          ]
+        }
+      ]
     }
   ],
   "references": [
@@ -52,6 +75,14 @@
       "type": "PACKAGE",
       "url": "https://github.com/opensearch-project/OpenSearch"
     },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opensearch-project/OpenSearch/releases/tag/2.19.4"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/opensearch-project/OpenSearch/releases/tag/3.3.0"
+    },
     {
       "type": "WEB",
       "url": "https://opensearch.org/blog/explore-opensearch-3-3"
