Improper Access Control Affecting org.elasticsearch:elasticsearch package, versions [0.6.0,1.3.8) [1.4.0,1.4.3)

Snyk CVSS

Attack Complexity Low

Threat Intelligence

Exploit Maturity Mature

EPSS 87.39% (99^th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-JAVA-ORGELASTICSEARCH-31127
published 18 Feb 2015
disclosed 17 Feb 2015
credit Unknown

Report a new vulnerability Found a mistake?

Introduced: 17 Feb 2015

CVE-2015-1427 Open this link in a new tab CWE-284 Open this link in a new tab

Overview

org.elasticsearch:elasticsearch The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

Improper Access Control Affecting org.elasticsearch:elasticsearch package, versions [0.6.0,1.3.8) [1.4.0,1.4.3)

Snyk CVSS

Threat Intelligence

Introduced: 17 Feb 2015

Overview

References