Back to CVE Browser

CVE-2014-3120

Known Exploited (CISA KEV)HIGH

8.1

CVSS Severity Score

EPSS Score81.1470%

EPSS Percentile96.58th

PublishedJul 28, 2014

Last ModifiedApr 22, 2026

Vulnerability Description

The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.

Affected Platforms (CPE)

📦

Elastic

Elasticsearch

< 1.2.0

References & Advisories

🔗 http://bouk.co/blog/elasticsearch-rce/

🔗 http://www.exploit-db.com/exploits/33370

🔗 http://www.osvdb.org/106949

🔗 http://www.rapid7.com/db/modules/exploit/multi/elasticsearch/script_mvel_rce

🔗 http://www.securityfocus.com/bid/67731

🔗 https://www.elastic.co/blog/logstash-1-4-3-released

🔗 https://www.elastic.co/community/security/

🔗 https://www.found.no/foundation/elasticsearch-security/#staying-safe-while-developing-with-elasticsearch

Related Vulnerabilities

CVE-2015-53779.8

Elasticsearch before 1.6.1 allows remote attackers to execute arbitrary code via unspecified vectors involving the transport proto...

CVE-2017-126299.8

Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of ...

CVE-2015-14279.8

The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x before 1.4.3 allows remote attackers to bypass the sandbox pro...

CVE-2020-150979.1

loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server ...