|
| Description: | | The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script. |
|
| Impact: | | An attacker can take advantage of the vulnerability to bypass the security policy implemented by the software administrator, and perform unauthorized actions to the target system. |
|
| Affected OS: | | Solaris, FreeBSD, Windows, Linux, Other Unix, Mac OS |
|
| Reference: | | SecurityFocusBID:72585
|
|