Improper Access Control Affecting org.elasticsearch:elasticsearch Open this link in a new tab package, versions [0.6.0,1.3.8) [1.4.0,1.4.3)
Exploit Maturity
Mature
Attack Complexity
Low
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications-
snyk-id
SNYK-JAVA-ORGELASTICSEARCH-31127
-
published
18 Feb 2015
-
disclosed
17 Feb 2015
-
credit
Unknown
Introduced: 17 Feb 2015
CVE-2015-1427 Open this link in a new tabOverview
org.elasticsearch:elasticsearch
The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.