CVE-2015-1427

Name of the Vulnerable Software and Affected Versions Elasticsearch versions 1.3.x through 1.3.7 Elasticsearch versions 1.4.x through 1.4.2

Description The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. This issue enables attackers to evade the sandbox protection and execute commands on the affected system.

Recommendations For Elasticsearch versions 1.3.x through 1.3.7, update to version 1.3.8 or later. For Elasticsearch versions 1.4.x through 1.4.2, update to version 1.4.3 or later.