THREAT OPS › CVEs › CVE-2015-1427
CVE-2015-1427 — Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Vulnerability details
- Affected productsElasticsearch
- KEV remediation due2022-04-15