CVE-2015-1427CISA KEV: Actively Exploited

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

Published Mar 25, 2022·Updated Mar 25, 2022

Description

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

Public Exploits & PoCs3 found

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free