CVE-2015-1427: Elasticsearch Groovy Scripting Engine Remote Code Execution
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability. The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
- CISA KEV-listed (remediation due 2022-04-15)
- EPSS 92.3% (99.7% percentile)