Elasticsearch is vulnerable to arbitrary code execution. This is because dynamic scripting is enabled by default, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search
.
bouk.co/blog/elasticsearch-rce/
bouk.co/blog/elasticsearch-rce/
www.exploit-db.com/exploits/33370
www.exploit-db.com/exploits/33370
www.osvdb.org/106949
www.osvdb.org/106949
www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce
www.securityfocus.com/bid/67731
www.securityfocus.com/bid/67731
github.com/elastic/elasticsearch/issues/5853
www.elastic.co/blog/logstash-1-4-3-released
www.elastic.co/blog/logstash-1-4-3-released
www.elastic.co/community/security
www.elastic.co/community/security/
www.elastic.co/community/security/
www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch
www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch