THREATOPS
THREAT OPSCVEs › CVE-2014-3120

CVE-2014-3120 — Elasticsearch Remote Code Execution Vulnerability

CISA KEVExploited: confirmedElastic

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

Vulnerability details