THREATOPS
THREAT OPSCVEs › CVE-2015-1427

CVE-2015-1427 — Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

CISA KEVExploited: confirmedElastic

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

Vulnerability details