https://bugzilla.redhat.com/show_bug.cgi?id=1244236
Bug ID: 1244236 Summary: CVE-2015-5377 elasticsearch: unspecified remote code execution vulnerability Product: Security Response Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team@redhat.com Reporter: vkaigoro@redhat.com CC: bkabrda@redhat.com, bkearney@redhat.com, bobjensen@gmail.com, cbillett@redhat.com, cpelland@redhat.com, cperry@redhat.com, java-sig-commits@lists.fedoraproject.org, jvanek@redhat.com, katello-bugs@redhat.com, kseifried@redhat.com, mmccune@redhat.com, ohadlevy@redhat.com, pbrobinson@gmail.com, tjay@redhat.com, tomckay@redhat.com, zbyszek@in.waw.pl
It was reported that Elasticsearch versions prior to 1.6.1 are vulnerable to an unspecified attack, leading to remote code execution.
Upstream fix is not known at the time of writing.