CVE-2015-1427 ElasticSearch (Groovy sandbox bypass && Code Execution Vulnerability)
Vulnerability profile
After CVE-2014-3120, the default dynamic scripting language of ElasticSearch was changed to Groovy, and sandbox was added, but direct execution of dynamic language is still supported by default. This vulnerability: 1. It is bypassed by a sandbox; 2. It is a Google Code Execution Vulnerability.
The reason for the vulnerab ...
Posted on Tue, 16 Nov 2021 21:03:44 -0500 by SirJinX