Elasticsearch CVE-2018-17247 XML External Entity Injection Vulnerability

Elasticsearch is prone to an XML External Entity injection vulnerability.

Attackers can exploit this issue to obtain potentially sensitive information or cause a denial-of-service condition. This may lead to further attacks.

Elasticsearch versions 6.5.0 and 6.5.1 are vulnerable.


Privacy Statement
Copyright 2010, SecurityFocus