Remote Code Execution Vulnerability in Elasticsearch Groovy Scripting Engine

Remote Code Execution Vulnerability in Elasticsearch Groovy Scripting Engine

CVE-2015-1427 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

Learn more about our Web Application Penetration Testing UK.