CVE-2015-1427 ElasticSearch (Groovy sandbox bypass && Code Execution Vulnerability)

Vulnerability profile After CVE-2014-3120, the default dynamic scripting language of ElasticSearch was changed to Groovy, and sandbox was added, but direct execution of dynamic language is still supported by default. This vulnerability: 1. It is bypassed by a sandbox; 2. It is a Google Code Execution Vulnerability. The reason for the vulnerab ...

Posted on Tue, 16 Nov 2021 21:03:44 -0500 by SirJinX