CVE-2015-1427

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/02/2015
Last modified:
12/04/2025

Description

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:* 1.3.8 (excluding)
cpe:2.3:a:elastic:elasticsearch:*:*:*:*:*:*:*:* 1.4.0 (including) 1.4.3 (excluding)
cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*