Elasticsearch : Security Vulnerabilities, CVEs, Published In 2015 (Bypass)
CVE-2015-1427
Known exploited
Public exploit
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
Max CVSS
7.5
EPSS Score
85.97%
Published
2015-02-17
Updated
2018-10-09
CISA KEV Added
2022-03-25
1 vulnerabilities found