BugTraq
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
 
Elasticsearch vulnerability CVE-2015-1427 Feb 11 2015 05:20PM
Kevin Kluge (kevin kluge elasticsearch com)
Summary:
Elasticsearch versions 1.3.0-1.3.7 and 1.4.0-1.4.2 have vulnerabilities in the Groovy scripting engine. The vulnerabilities allow an attacker to construct Groovy scripts that escape the sandbox and execute shell commands as the user running the Elasticsearch Java VM.

We have been assign...

[ more ]  
 

Privacy Statement
Copyright 2010, SecurityFocus