CVE-2014-3120

Elasticsearch Remote Code Execution Vulnerability

Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. Vendor/Product: Elastic Elasticsearch. Added to CISA KEV 2022-03-25; required action: Apply updates per vendor instructions.

Category: Vulnerability, Known Exploited

Reference: NVD CVE-2014-3120