ElasticGroovy

Description

CVE-2015-1427

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x (before 1.4.3) allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands via a crafted script.

The logic is based on the Metasploit module.