Download
| Alert*
Arbitrary code execution vulnerability in Elasticsearch via the source parameter to _search (rpm)
The host is installed with Elasticsearch before 1.2 and is prone to an arbitrary code execution vulnerability. A flaw is present in the application, which fails to handle the source parameter to _search. Successful exploitation could allow attackers to execute arbitrary MVEL expressions and Java code.
|