Improper Access Control Affecting org.elasticsearch:elasticsearch package, versions [0.6.0,1.3.8) [1.4.0,1.4.3)


0.0
high
  • Exploit Maturity

    Mature

  • Attack Complexity

    Low

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • snyk-id

    SNYK-JAVA-ORGELASTICSEARCH-31127

  • published

    18 Feb 2015

  • disclosed

    17 Feb 2015

  • credit

    Unknown

Overview

org.elasticsearch:elasticsearch The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

References