Elasticsearch Remote Code Execution VulnerabilityNVD
Known Exploited Vulnerability
CVE-2014-3120, Elasticsearch Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
The following remediation steps are recommended / required by April 15, 2022: Apply updates per vendor instructions.