Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Elasticsearch vulnerability CVE-2015-1427
Feb 11 2015 05:20PM
Kevin Kluge (kevin kluge elasticsearch com)
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.
We have been assign...
[ more ]
Copyright 2010, SecurityFocus