The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| org.elasticsearch:elasticsearch(Maven) | 0 | 1.3.8 | N/A |
| org.elasticsearch:elasticsearch(Maven) | 1.4.0 | 1.4.3 | N/A |
CVSS Metrics
