All Products
Document Center

[Vulnerability notice] Remote code execution vulnerability in Elasticsearch

Last Updated: Apr 02, 2018

Vulnerability description

Elasticsearch is an efficient open-source search engine. A remote code execution vulnerability exits in Elasticsearch with default configurations.

Attackers can exploit this vulnerability to run arbitrary code.

How to fix

Set script.disable_dynamic: true in the elasticsearch.yml configuration file. Then, restart Elasticsearch.