CVE-2014-3120: Elasticsearch Remote Code Execution Vulnerability.
Elasticsearch Remote Code Execution Vulnerability. Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
- CISA KEV-listed (remediation due 2022-04-15)
- EPSS 85.3% (99.4% percentile)