Skip to main content
CVE-2015-1427 CRITICAL POC KEV PATCH THREAT Act Now

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available.

Authentication Bypass Elastic
NVD Exploit-DB VulDB
CVSS 3.1
9.8
EPSS
92.3%
Threat
7.7

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy