CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

Date published : 2015-02-17

http://www.securityfocus.com/bid/72585

http://www.securityfocus.com/archive/1/534689/100/0/threaded