Security bypass vulnerability in Groovy scripting engine in Elasticsearch via a crafted script (dpkg)ID: oval:org.secpod.oval:def:24055 | Date: (C)2015-04-09 (M)2021-06-06 |
Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted script. Successful exploitation could allow attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.