← ExploitWatch
HomeExploited Vulnerabilities

CVE-2015-1427 — Actively Exploited: Elasticsearch (Elastic)

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

CVE IDCVE-2015-1427
VendorElastic
ProductElasticsearch
Vulnerability nameElasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
Date added2022-03-25
Remediation due2022-04-15
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionThe Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →