CVE-2015-1427Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2022-03-25 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2015-1427
项目:
Elastic
产品:
Elasticsearch
添加日期:
2022-03-25
到期日:
2022-04-15
最后更新:
June 21, 2025

漏洞名称

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

描述

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

已知用于勒索软件活动吗?

勒索软件状态:
Unknown

采集行动

Apply updates per vendor instructions.

其他说明

相关新闻文章

相关 CWE