The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2015-02-17 15:59
Updated : 2023-12-10 11:31
NVD link : CVE-2015-1427
Mitre link : CVE-2015-1427
CVE.ORG link : CVE-2015-1427
JSON object : View
Products Affected
elasticsearch
- elasticsearch
CWE
CWE-284
Improper Access Control