Describe the bug
Trying to search logs with certain illegal characters causes a Search Error. This means that logs submitted by malicious actors or exploit hunters may cause a kind of Denial of Service of OpenSearch dashboards.
The error shown is this:
SyntaxError: Bad escaped character in JSON at position 410488 (line 1 column 410489)
at fetch_Fetch.fetchResponse (https://staging-opensearch.i.example.com/7969/bundles/core/core.entry.js:15:391967)
at async interceptResponse (https://staging-opensearch.i.example.com/7969/bundles/core/core.entry.js:15:386867)
at async https://staging-opensearch.i.example.com/7969/bundles/core/core.entry.js:15:389834
The offending message is this:
"message": "client sent invalid method while reading client request line, client: 10.x.x.x, server: _, request: \"\x03\0\0/*�\0\0\0\0\0Cookie: mstshash=Administr\"",
Specifically it seems to be \x03 (ASCII End of text) that triggers the error (column 410489 is exactly at the start of the escape sequence).
Expected behavior
OpenSearch dashboards should be able to safely handle logs, even for sources that may be connected to the internet and receive malicious data.
OpenSearch Version
2.17.1
Dashboards Version
2.17.1
Host/Environment (please complete the following information):
OS: macOS 14.7
Browser and version: Google Chrome 130.0.6723.69
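The parse failure reported above can be reproduced and located offline. The following is an added example, not part of the original issue or of OpenSearch Dashboards: the two response bodies are constructed, `findInvalidJsonEscapes` and `tryParse` are hypothetical helper names, and it assumes the search response carried the escape as the literal text backslash-x-0-3.

```javascript
// Added example with constructed data; not OpenSearch Dashboards code.
// JSON allows only these characters after a backslash inside a string,
// plus \u followed by exactly four hex digits.
const SIMPLE_ESCAPES = new Set(['"', '\\', '/', 'b', 'f', 'n', 'r', 't']);

// Return every escape sequence in `text` that the JSON grammar rejects,
// with the zero-based offset of its backslash.
function findInvalidJsonEscapes(text) {
  const findings = [];
  let inString = false;
  for (let i = 0; i < text.length; i++) {
    const ch = text[i];
    if (!inString) {
      if (ch === '"') inString = true;
      continue;
    }
    if (ch === '"') { inString = false; continue; }
    if (ch !== '\\') continue;
    const next = text[i + 1];
    const isUnicode = next === 'u' && /^[0-9a-fA-F]{4}$/.test(text.slice(i + 2, i + 6));
    if (!SIMPLE_ESCAPES.has(next) && !isUnicode) {
      findings.push({ position: i, sequence: text.slice(i, i + 2) });
    }
    i += isUnicode ? 5 : 1; // step over the escape body
  }
  return findings;
}

// Parse without throwing and report whether the text was accepted.
function tryParse(text) {
  try {
    return { ok: true, value: JSON.parse(text) };
  } catch (err) {
    return { ok: false, error: err.name };
  }
}

// Constructed bodies; String.raw keeps each backslash as a literal character.
const badBody = String.raw`{"message": "request: \"\x03\0\0/*\""}`;
const goodBody = String.raw`{"message": "request: \"\u0003\u0000\u0000/*\""}`;

console.log(tryParse(badBody).ok, findInvalidJsonEscapes(badBody));
console.log(tryParse(goodBody).ok, findInvalidJsonEscapes(goodBody));
// A conforming serializer never emits \x: it writes U+0003 as \u0003.
console.log(JSON.stringify({ message: '\x03' }));
```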