Hi,
- Are any of Elastic's products(Elasticsearch, Kibana, and so on) affected by CVE-2022-22965?
Link: https://tanzu.vmware.com/security/cve-2022-22965
Thanks!
1 Like
@xxgogogo I believe the only impact would be on java client which use spring data, don't see any other vulnerability on Elastic Stack as such.
1 Like
Hi, we use Elasticsearch-rest-client, Elasticsearch-rest-high-level-client and spring data too. Will ES affect by the Spring4Shell ::Spring Framework Remote Code Execution Vulnerability?
Hi, @xxgogogo. So far, the Elastic team has not released notes regarding this vulnerability in their products. However, as good security practices, it is interesting to mitigate the risk of exploiting this type of attack by applying correction patches available in other applications based on the framework as they can be an attack vector to your environment.
Here are some links with recommendations for mitigating the failure:
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.