Security bypass vulnerability in Groovy scripting engine in Elasticsearch via a crafted script (dpkg)| ID: oval:org.secpod.oval:def:24055 | Date: (C)2015-04-09 (M)2021-06-06 |
| Class: VULNERABILITY | Family: unix |
The host is installed with Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 and is prone to a security bypass vulnerability. A flaw is present in the application, which fails to handle a crafted script. Successful exploitation could allow attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
