CVE-2015-1427
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.Enginsight
Vendor | Product | Version |
---|---|---|
elastic | elasticsearch | 𝑥 < 1.3.8 |
elastic | elasticsearch | 1.4.0 ≤ 𝑥 < 1.4.3 |
redhat | fuse | 1.0.0 |